Preface


Using the Qualys API, third parties can integrate their own applications with Qualys cloud 
security and compliance solutions using an extensible XML interface. The APIs described 
in this guide are available to customers using Qualys Cloud Platform (VM, PC). 


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical 
security intelligence on demand and automating the full spectrum of auditing, 
compliance and protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed 
service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, 
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a 
founding member of the Cloud Security Alliance (CSA). For more information, please visit 
www.qualys.com. 


Contact Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access support information at www.qualys.com/support/. 
Welcome


The Qualys API allows third parties to integrate their own applications with Qualys cloud 
security and compliance solutions using an extensible XML interface. APIs in this user 
guide are supported using Qualys Cloud Platform (VM, PC). 


We recommend you join our Community and subscribe to our API Notifications RSS Feeds 
for announcements and discussions. 


Get API Notifications 
Join our Community 
API Notifications RSS Feeds 


API Conventions 


Qualys User Account 


Authentication with valid Qualys user account credentials is required for making Qualys 
API requests to the Qualys API servers. These servers are hosted at the Qualys platform, 
also referred to as the Security Operations Center (SOC), where your account is located. If 
you need assistance with obtaining a Qualys account, please contact your Qualys account 
representative. 


Users with a Qualys user account may access the API functions. When a subscription has 
multiple users, all users with any user role (except Contact) can use the Qualys API. Each 
user's permissions correspond to their assigned user role. 


Qualys user accounts that have been enabled with VIP two-factor authentication can be
used with the Qualys API; however, two-factor authentication will not be used when
making API requests. Two-factor authentication is only supported when logging in to the
Qualys GUI.


Qualys API Server URL 


The Qualys API URL you should use for API requests depends on the Qualys platform 
where your account is located. 




Click here to identify your Qualys platform and get the API URL 


This documentation uses the API server URL for Qualys US Platform 1 
(https://qualysapi.qualys.com) in sample API requests. If you’re on another platform, 
please replace this URL with the appropriate server URL for your account. 


Still have questions? You can easily find the API server URL for your account. 


Just log in to your Qualys account and go to Help > About. You'll see this information 
under Security Operations Center (SOC). 


[Screenshot: the About window (Help > About), with the Qualys Web Service, Qualys External Scanners and Qualys Scanner Appliances sections; each scanner section has a Security Operations Center (SOC) entry.]




Making API requests 


Curl samples in our API docs 


We use curl in our API documentation to show an example of how to form REST API calls;
it is not meant to be an actual production example of implementation.


GET and POST Methods 


Qualys API functions allow API users to submit parameters (name=value pairs) using the
GET and/or POST method. There are known limits for the amount of data that can be sent
using the GET method, and these limits are dependent on the toolkit used. Please refer to
the individual descriptions of the API function calls to learn about the supported methods
for each function.


Parameters in URLs 


API parameters, as documented in this user guide, should be specified one time for each 
URL. In the case where the same parameter is specified multiple times in a single URL, the 
last parameter takes effect and the previous instances are silently ignored. 


Date Format in API Results 


The Qualys API has adopted a date/time format to provide consistency and 
interoperability of the Qualys API with third-party applications. The date format follows 
standards published in RFC 3339 and ISO 8601, and applies throughout the Qualys API. 


The date format is: 


yyyy-mm-ddThh-mm-ssZ 


This represents a UTC value (GMT time zone). 


URL Encoding in API Code 


You must URL encode variables when using the Qualys API. This is standard practice for
HTTP communications. If your application passes special characters, like the single quote
('), parentheses, and symbols, they must be URL encoded.


For example, the pound (#) character cannot be used as an input parameter in URLs. If “#”
is specified, the Qualys API returns an error. To specify the “#” character in a URL you must
enter the encoded value “%23”. The “#” character is considered by browsers and other
Internet tools as a separator between the URL and the results page, so whatever follows an
un-encoded “#” character is not passed to the Qualys API server and returns an error.


UTF-8 Encoding 


The Qualys API uses UTF-8 encoding. The encoding is specified in the XML output header 
as shown below. 


<?xml version="1.0" encoding="UTF-8" ?> 


URL Elements are Case Sensitive 


URL elements are case sensitive. The sample URL below will retrieve a previously saved 
scan report that has the reference code “scan/987659876.19876”. The parameter name 
“ref” is defined in lower-case characters. This URL will return the specified scan report: 


https://qualysapi.qualys.com/msp/scan_report.php?ref=scan/987659876.19876


The sample URL below is incorrect and will not return the specified scan report because 
the parameter name “Ref” appears in mixed-case characters: 


https://qualysapi.qualys.com/msp/scan_report.php?Ref=scan/987659876.19876
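

The three URL rules above (each parameter once, URL-encoded values, case-sensitive names) can be checked before a request is sent. The Python below is an added example, not Qualys code: lint_request_url, build_query and the SCAN_LIST_PARAMS set (names taken from the VM scan list parameters in this guide) are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, quote, urlsplit

# Parameter names of the VM scan list call as listed in this guide; pass the
# set that matches the API function you are calling.
SCAN_LIST_PARAMS = frozenset({
    "action", "echo_request", "scan_ref", "state", "processed", "type",
    "target", "user_login", "launched_after_datetime",
    "launched_before_datetime", "show_ags", "show_op", "show_status",
    "show_last", "ignore_target",
})


def lint_request_url(url, known_params=SCAN_LIST_PARAMS):
    """Return the problems found in a request URL; an empty list means clean."""
    problems = []
    if "#" in url:
        problems.append("unencoded '#': what follows it is never sent; write %23")
    if " " in url:
        problems.append("unencoded space; write %20")
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    names = [name for name, _ in pairs]
    last = dict(pairs)  # later duplicates overwrite earlier ones, as on the server
    lowered = {name.lower(): name for name in known_params}
    for name, value in last.items():
        if names.count(name) > 1:
            problems.append(f"'{name}' repeated: only the last value "
                            f"({value!r}) takes effect")
        if name in known_params:
            continue
        expected = lowered.get(name.lower())
        if expected:
            problems.append(f"'{name}' has the wrong case; use '{expected}'")
        else:
            problems.append(f"'{name}' is not a known parameter")
    return problems


def build_query(pairs):
    """Encode each (name, value) pair once; refuse duplicate names."""
    names = [name for name, _ in pairs]
    repeated = sorted({n for n in names if names.count(n) > 1})
    if repeated:
        raise ValueError(f"duplicate parameters: {repeated}")
    # safe="" also encodes '/', '+', '#', quotes and parentheses.
    return "&".join(f"{name}={quote(str(value), safe='')}"
                    for name, value in pairs)
```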


Decoding XML Reports 


There are a number of ways to parse an XML file. Select the method which is most 
appropriate for your application and its users. Qualys publishes DTDs for each report on 
its Web site. For example, the scan list output DTD is found at the URL shown: 


https://qualysapi.qualys.com/api/2.0/fo/scan/scan_list_output.dtd


The URLs to current report DTDs are included with the function descriptions in this
document.


Occasionally Qualys updates the report DTDs. It is recommended that you request the 
most recent DTDs from the Qualys platform to decode your reports. The URLs to the 
report DTDs are included in this user guide. 


Detailed information about each XML report is provided in the document Qualys API for
VM and Compliance XML/DTD Reference.


Some parts of the XML report may contain HTML tags or other special characters (such as 
accented letters). Therefore, many elements contain CDATA sections, which allow HTML 
tags to be included in the report. “High” ASCII and other non-printable characters are 
escaped using question marks. 


API Limits 


Qualys Cloud Platform enforces limits on the API calls subscription users can make. The 
limits apply to the use of all APIs, except “session” API (session login/logout). 


API controls are applied per subscription based on your subscription’s service level. 
Default settings are provided and these may be customized per subscription by Qualys 
Support. 


There are 2 controls defined per subscription:


- Concurrency Limit per Subscription (per API). The maximum number of API calls allowed 
within the subscription during the configured rate limit period (as per service level). 


- Rate Limit per Subscription (per API). The period of time that defines a window when API 
calls are counted within the subscription for each API. The window starts from the 
moment each API call is received by the service and extends backwards 1 hour or 1 day. 
Individual rate and count settings are applied (as per service level). 


Click here to learn more about the controls and settings per service level. 


How it works - Qualys checks the concurrency limit and rate limit each time an API 
request is received. In a case where an API call is received and our service determines a 
limit has been exceeded, the API call is blocked and an error is returned (the concurrency 
limit error takes precedence). 


Tracking API usage by user 


You can track API usage per user without the need to provide user credentials such as the 
username and password. Contact Qualys Support to get the X-Powered-By HTTP header 
enabled. Once enabled, the X-Powered-By HTTP header is returned for each API request 
made by a user. The X-Powered-By value includes a unique ID generated for each 
subscription and a unique ID generated for each user. See sample headers below. 


Click here to learn more. 


HTTP Response Headers 


Your subscription’s API usage and quota information is exposed in the HTTP response 
headers generated by Qualys APIs (all APIs except “session” API). 


The HTTP response headers generated by Qualys APIs are described below. 


The HTTP status code “OK” (example: “HTTP/1.1 200 OK”) is returned in the header for 
normal (not blocked) API calls. The HTTP status code “Conflict” (example: “HTTP/1.1 409 
Conflict”) is returned for API calls that were blocked. 


Header                        Description

X-RateLimit-Limit             Maximum number of API calls allowed in any given
                              time period of <number-seconds> seconds, where
                              <number-seconds> is the value of
                              X-RateLimit-Window-Sec.

X-RateLimit-Window-Sec        Time period (in seconds) during which up to
                              <number-limit> API calls are allowed, where
                              <number-limit> is the value of X-RateLimit-Limit.

X-RateLimit-Remaining         Number of API calls you can make right now before
                              reaching the rate limit <number-limit> in the last
                              <number-seconds> seconds.

X-RateLimit-ToWait-Sec        The wait period (in seconds) before you can make the
                              next API call without being blocked by the rate
                              limiting rule.

X-Concurrency-Limit-Limit     Number of API calls you are allowed to run
                              concurrently.

X-Concurrency-Limit-Running   Number of API calls that are running right now
                              (including the one identified in the current HTTP
                              response header).

X-Powered-By                  This header is only returned when the X-Powered-By
                              header is enabled for your subscription. It includes a
                              unique ID generated for each subscription and a
                              unique ID generated for each user. Click here to learn
                              more.


Sample HTTP Response Headers 


Sample 1: Normal API call (API call not blocked) 
Returned from API call using HTTP authentication. 


HTTP/1.1 200 OK
Date: Fri, 22 Apr 2018 00:13:18 GMT
Server: qweb
X-RateLimit-Limit: 15
X-RateLimit-Window-Sec: 360
X-Concurrency-Limit-Limit: 3
X-Concurrency-Limit-Running: 1
X-RateLimit-ToWait-Sec: 0
X-RateLimit-Remaining: 4
Transfer-Encoding: chunked
Content-Type: application/xml


Sample 2: API Call Blocked (Rate Limit exceeded) 
Returned from API call using HTTP authentication. 


HTTP/1.1 409 Conflict
Date: Fri, 22 Apr 2018 00:13:18 GMT
Server: qweb
X-RateLimit-Limit: 15
X-RateLimit-Window-Sec: 360
X-Concurrency-Limit-Limit: 3
X-Concurrency-Limit-Running: 1
X-RateLimit-ToWait-Sec: 181
X-RateLimit-Remaining: 0
Transfer-Encoding: chunked
Content-Type: application/xml


Sample 3: API Call Blocked (Concurrency Limit exceeded) 
Returned from API call using API session authentication. 


HTTP/1.1 409 Conflict
Date: Fri, 22 Apr 2018 00:13:18 GMT
Server: qweb
Expires: Mon, 24 Oct 1970 07:30:00 GMT
Cache-Control: post-check=0,pre-check=0
Pragma: no-cache
X-RateLimit-Limit: 15
X-RateLimit-Window-Sec: 360
X-Concurrency-Limit-Limit: 3
X-Concurrency-Limit-Running: 3
Transfer-Encoding: chunked
Content-Type: application/xml


In the case where the concurrency limit has been reached, no information about rate limits
will appear in the HTTP headers.


Sample 4: Tracking API usage through the X-Powered-By HTTP header 


HTTP/1.1 200 OK
Date: Fri, 22 Apr 2018 00:13:18 GMT
Server: qweb
X-Powered-By: Qualys:USPOD1:d9a7e94c-0a9d-c745-82e9-980877cc5043:f178afle-4049-7fce-81ca-75584feb8e93
X-RateLimit-Limit: 15
X-RateLimit-Window-Sec: 360
X-Concurrency-Limit-Limit: 3
X-Concurrency-Limit-Running: 1
X-RateLimit-ToWait-Sec: 0
X-RateLimit-Remaining: 4
Transfer-Encoding: chunked
Content-Type: application/xml


Once X-Powered-By HTTP header is enabled, information is returned in the following 
format: 


X-Powered-By Qualys:<POD_ID>:<SUB_UUID>:<USER_UUID>

Where,

POD_ID is the shared POD or a PCP. Shared POD is USPOD1, USPOD2, etc.
SUB_UUID is the unique ID generated for the subscription
USER_UUID is the unique ID generated for the user

For example,


X-Powered-By: Qualys:USPOD1:d9a7e94c-0a9d-c745-82e9-980877cc5043:f178afle-4049-7fce-81ca-75584feb8e93


You can use the USER_UUID to track API usage per user.
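

A client can read these headers to decide when to send its next call and to attribute calls to users. The Python below is an added example, not Qualys code: the function names are assumptions, and the sample response heads are constructed from Samples 1 to 3 above with made-up X-Powered-By IDs.

```python
from collections import Counter, namedtuple

Verdict = namedtuple("Verdict", "state wait_sec user_uuid")

# Constructed response heads modelled on the samples in this guide.
# The subscription and user IDs in X-Powered-By are made up.
HEAD_OK = """HTTP/1.1 200 OK
Server: qweb
X-Powered-By: Qualys:USPOD1:11111111-aaaa-bbbb-cccc-000000000001:22222222-aaaa-bbbb-cccc-000000000002
X-RateLimit-Limit: 15
X-RateLimit-Window-Sec: 360
X-Concurrency-Limit-Limit: 3
X-Concurrency-Limit-Running: 1
X-RateLimit-ToWait-Sec: 0
X-RateLimit-Remaining: 4
"""
HEAD_RATE_BLOCKED = """HTTP/1.1 409 Conflict
Server: qweb
X-Powered-By: Qualys:USPOD1:11111111-aaaa-bbbb-cccc-000000000001:22222222-aaaa-bbbb-cccc-000000000002
X-RateLimit-Limit: 15
X-RateLimit-Window-Sec: 360
X-Concurrency-Limit-Limit: 3
X-Concurrency-Limit-Running: 1
X-RateLimit-ToWait-Sec: 181
X-RateLimit-Remaining: 0
"""
HEAD_CONCURRENCY_BLOCKED = """HTTP/1.1 409 Conflict
Server: qweb
X-RateLimit-Limit: 15
X-RateLimit-Window-Sec: 360
X-Concurrency-Limit-Limit: 3
X-Concurrency-Limit-Running: 3
"""


def parse_response_head(raw):
    """Split a raw HTTP response head into (status code, headers dict)."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])        # "HTTP/1.1 409 Conflict" -> 409
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return status, headers


def user_uuid(headers):
    """USER_UUID from 'Qualys:<POD_ID>:<SUB_UUID>:<USER_UUID>', else None."""
    fields = headers.get("x-powered-by", "").split(":")
    if len(fields) == 4 and fields[0] == "Qualys":
        return fields[3]
    return None                               # header not enabled or malformed


def classify(raw):
    """Turn one response head into Verdict(state, wait_sec, user_uuid)."""
    status, headers = parse_response_head(raw)
    uid = user_uuid(headers)
    if status != 409:
        # Not blocked: ToWait-Sec is how long to pause before the next call.
        return Verdict("not_blocked",
                       int(headers.get("x-ratelimit-towait-sec", 0)), uid)
    if "x-ratelimit-towait-sec" in headers:
        return Verdict("rate_blocked",
                       int(headers["x-ratelimit-towait-sec"]), uid)
    # The concurrency error takes precedence and carries no wait period:
    # retry only after one of your running calls has finished.
    return Verdict("concurrency_blocked", None, uid)


def usage_by_user(raw_heads):
    """Count responses per (USER_UUID, state) for usage tracking."""
    tally = Counter()
    for raw in raw_heads:
        verdict = classify(raw)
        tally[(verdict.user_uuid or "unknown", verdict.state)] += 1
    return tally
```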
Activity Log


You can view the Activity Log using the Qualys user interface and the Activity Log API 
(/api/2.0/fo/activity_log). The Activity Log shows details about user actions taken. 


To view the Activity Log, log into your Qualys account. Go to Users and click the Activity 
Log tab. Select Filters > Recent API Calls. You'll see the API Processes list showing the API 
calls subject to the API limits (all APIs except “session” API) made by subscription users 
and/or updated by the service in the past week. 


Tip - You can search the processes list to find API processes. You can search by process 
state (Queued, Running, Expired, Finished and/or Blocked), by submitted date and by last 
updated date. You can search for API processes that were blocked due to exceeding the API 
rate limit and/or the API concurrency limit. 
Authentication to your account


Authentication with valid Qualys account credentials is required for making Qualys API
requests to the Qualys API servers. When calling the V2 APIs (i.e. APIs with /2.0/ as URL
element), users have the option to choose between session based authentication (using
login and logout operations) and basic HTTP authentication (the method supported for V1
APIs, i.e. APIs with /msp/ as URL element).


What do I need to know? 
Using the API Session Resource 
Session Login 


Session Logout 


What do I need to know?


Here are some things to know about making authenticated API requests to Qualys API
servers.


Required Header Parameter 


The following header parameter must be included in all API calls using basic HTTP 
authentication and session based authentication: 


"X-Requested-With: <user description, like a user agent>" 


Specifying the required “X-Requested-With” parameter helps to protect Qualys API users 
from cross-site request forgery (CSRF) attacks. 


Using Basic HTTP Authentication 


Using this method, Qualys account credentials are transmitted using the “Basic 
Authentication Scheme” over HTTPS for each API call. For information, see the “Basic 
Authentication Scheme” section of RFC #2617: 


http://www.faqs.org/rfcs/rfc2617.html


The exact method of implementing authentication will vary according to which
programming language is used.


A sample asset/host API request (Curl) using basic HTTP authentication:


curl -H "X-Requested-With: Curl Sample" -u "acme_ab12:passwd" \
  "https://qualysapi.qualys.com/api/2.0/fo/asset/host/?action=list"
Using Session Based Authentication


Using this method, the user makes a sequence of API requests as follows (supported for V2
API calls):


Step 1: Make session login request 


Use the Qualys API session resource to make a login request. Upon success, the request 
returns a session ID in the Set-Cookie HTTP header: 


curl -H "X-Requested-With: Curl Sample" -D headers \
  -d "action=login&username=acme_ab12&password=passwd" \
  "https://qualysapi.qualys.com/api/2.0/fo/session/"


Step 2: Make resource requests 


Use the API resources to make API requests, as described in this user guide, and include 
the session ID in the cookie header for each request. 


You'll notice the session cookie (QualysSession) was extracted from the “headers” file 
contents returned from the session login API call (Step 1 above): 


curl -H "X-Requested-With: Curl Sample" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  -d "action=list" \
  "https://qualysapi.qualys.com/api/2.0/fo/report/"


Step 3: Make session logout request 


Once logged in to Qualys you can make multiple API requests. Use the Qualys API 
session resource to logout of the current session. Logging out of the session closes the 
open session and ensures secure, ongoing access to your account. Access may be denied if 
a user makes too many session login requests without closing sessions properly: 


curl -H "X-Requested-With: Curl Sample" \
  -b "QualysSession=10b8eb6d4553b4dlecbh860c2b3c247d4; path=/api; secure" \
  -d "action=logout" \
  "https://qualysapi.qualys.com/api/2.0/fo/session/"


Using the API Session Resource 


Sessions created using the Qualys API via the session resource are equivalent in every 
way to sessions created by users logging into the Qualys user interface. Too many open 
sessions, whether created via the API and/or via user interface login, will lock out new 
session login attempts from both interfaces (user and API). 


The request URL has several elements. The following elements appear in every request
URL based on the API V2 architecture.


URL element                   Description

qualysapi.qualys.com:443      FQDN of the Qualys API server and optional port (443 if
                              specified).

api                           Qualys Application component name.

2.0                           Qualys API version number.

fo                            Qualys interface component name.

session|scan|report or        Qualys API resource name, i.e. session or some other
other component name          component like scan or report etc.

action={value}                Qualys API resource-specific action. In the sample session
                              login URL above, the action is “login”.


Session Login Request 


The session login request includes the Qualys user login credentials, the request URL, and 
the location where the HTTP response headers will be saved. 


The sample API call below saves the HTTP headers in a local file named “headers”:


curl -H "X-Requested-With: Curl Sample" -D headers \
  -d "action=login&username=acme_ab12&password=passwd" \
  "https://qualysapi.qualys.com/api/2.0/fo/session/"


If you do not wish to store this information in the “headers” file, you can save the HTTP 
header in a cookie as shown below: 


curl -H "X-Requested-With: Curl Sample" -c cookie.txt \
  -d "action=login&username=acme_ab12&password=passwd" \
  "https://qualysapi.qualys.com/api/2.0/fo/session/"


Upon success, the sample Qualys API call returns an XML response with the message 
“Logged in” and the Qualys API session ID in the Set-Cookie HTTP header. See “HTTP 
Response Headers” for further information. 


Resource Requests 


When session based authentication is used, the session cookie returned in the XML 
response from the session login request must be included in the cookie header of 
subsequent API requests. Multiple API requests can be made using the same session 
cookie (this is supported using V2 API requests). 


The resource request includes the Qualys user login credentials, the Qualys API session ID,
the request URL, and the location where the HTTP response headers are saved.


The sample API request below is used to request a list of reports in the user's Report Share
storage space. You'll notice the session cookie (QualysSession) was extracted from the
“headers” file contents returned from the session login API call.


curl -H "X-Requested-With: Curl Sample" \
  -d "action=list" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/report/"


If you saved the HTTP response headers (from the session login request) in a cookie file, 
make an API request to obtain the cookie from the cookie file as shown below: 


curl -H "X-Requested-With: Curl Sample" \
  -d "action=list" \
  -b "cookie.txt" "https://qualysapi.qualys.com/api/2.0/fo/report/"


Upon success, the sample report list API call returns an XML response listing the reports in 
the user’s Report Share. In progress and completed reports are included. 


HTTP Response Headers 


These API requests return HTTP response headers: session login requests, session logout 
requests, and fetch (download) report requests. These requests provide information to the 
third party application about the XML output. 


Sample XML output showing HTML response headers returned from a session logout 
request: 


HTTP/1.1 200 OK
Date: Wed, 20 Jun 2007 16:21:03 GMT
Server: qweb/3.3h
Set-Cookie: QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure
Expires: Mon, 24 Oct 1970 07:30:00 GMT
Cache-Control: post-check=0,pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/xml


Sample XML output showing HTML response headers returned from a fetch (download) 
report request, where the report format is HTML: 


HTTP/1.1 200 OK
Date: Wed, 20 Jun 2007 16:36:42 GMT
Server: qweb/3.3h
Expires: Mon, 24 Oct 1970 07:30:00 GMT
Cache-Control: post-check=0,pre-check=0
Pragma: no-cache
Content-Disposition: attachment; filename=scan_report_1182357402.zip
Content-length: 98280
Connection: close
Content-Type: application/zip


Expires HTTP Header - For the Expires header, Qualys complies with RFC #2109 and sets
the Expires date to an old date (a date long in the past). Currently Qualys sets the Expires
date to “Mon, 24 Oct 1970 07:30:00 GMT”. Note that Qualys cookie expiration is managed
on the server side, and Qualys does not rely on clients to drop their expired cookies.


Session Logout Request


A sample session logout request (POST method) is shown below. Upon success, the sample 
Qualys API call returns an XML response with the message “Logged out”. 


curl -H "X-Requested-With: Curl Sample" \
  -d "action=logout" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/session/"


See “Session Logout” below for further information. 


Session Timeout 


Every Qualys user account has a session timeout setting. This setting is configurable at 
the subscription level by Manager users in the Qualys user interface (go to Users > Setup > 
Security). For a new subscription, this is set to 60 minutes. 


The session timeout applies to sessions started using the user interface and sessions 
started using the Qualys APIs, including APIs based on the new API architecture. 


When you launch a scan or report (using Report Share), the task is launched in the 
background, and processing does not timeout until the task has completed. 


Session Login 
/api/2.0/fo/session/?action=login 


[POST] 


Make a request to Qualys API server for session login. 


A session login request is used to authenticate to the Qualys API and receive a Qualys API 
session ID, which must be included in the cookie header of subsequent API resource 
requests. 


Input Parameters 


Parameter             Description

action=login          (Required) A flag used to make a session login request.

username              (Required) The user name (login) of a Qualys user account.

password              (Required) The password of a Qualys user account.

                      When using -d in the curl request for login, you must URL
                      encode any special characters in the password. For
                      example, if your password is Peas+Carrots then you must
                      specify it as password=Peas%2BCarrots or authentication
                      will not be successful.

                      When using -u in the curl request for login, you can enter
                      the password as is without URL encoding special
                      characters. Using the same example, you'd specify
                      password=Peas+Carrots as part of the request.

echo_request={0|1}    (Optional) Specifies whether to echo the request’s input
                      parameters (names and values) in the XML output. When
                      not specified, parameters are not included in the XML
                      output. Specify 1 to view parameters in the XML output.


A sample session login request (POST method) is shown below. Upon success, the sample 
Qualys API call returns an XML response with the message “Logged in” and the Qualys API 
session ID as shown. 


curl -H "X-Requested-With: Curl Sample" -D headers.4 \
  -d "action=login&username=acme_ab12&password=passwd" \
  "https://qualysapi.qualys.com/api/2.0/fo/session/"


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE GENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2007-06-20T16:21:042Z</DATETIME>
    <TEXT>Logged in</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>


cat headers.4


HTTP/1.1 200 OK
Date: Wed, 20 Jun 2007 16:21:03 GMT
Server: qweb/3.3h
Set-Cookie: QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure
Expires: Mon, 24 Oct 1970 07:30:00 GMT
Cache-Control: post-check=0,pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/xml


Session Logout 
/api/2.0/fo/session/?action=logout 
[POST] 


Make a request to Qualys API server for session logout. 


When you're done making V2 API resource requests, the third party application must 
make a session logout request. This results in closing the session ID for the user’s account, 
preventing future API requests from running. 


Input Parameters 


Parameter             Description

action=logout         (Required) A flag used to make a session logout request.

echo_request={0|1}    (Optional) Specifies whether to echo the request’s input
                      parameters (names and values) in the XML output. When
                      not specified, parameters are not included in the XML
                      output. Specify 1 to view parameters in the XML output.


A sample session logout request (POST method) is shown below. Upon success, the sample 
Qualys API call returns an XML response with the message “Logged out” as shown. 


curl -H "X-Requested-With: Curl Sample" \
  -d "action=logout" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/session/"


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE GENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2007-06-20T21:50:37Z</DATETIME>
    <TEXT>Logged out</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>


cat headers.18


HTTP/1.1 200 OK
Date: Wed, 20 Jun 2007 21:50:36 GMT
Server: qweb/3.3h
Expires: Mon, 24 Oct 1970 07:30:00 GMT
Cache-Control: post-check=0,pre-check=0
Pragma: no-cache
Set-Cookie: QualysSession=71e6cda2a35d2cd404cddaf305ea0208; expires=Wed, 13-Jun-2007 21:50:37 GMT; path=/fo
Connection: close
Transfer-Encoding: chunked
Content-Type: text/xml
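

The login, resource request and logout sequence from this chapter, written so that the logout runs even when a resource request fails, since sessions left open count toward the login lockout described above. This is an added Python example, not Qualys code: qualys_session, http_post, encode_fields and the X-Requested-With value are assumptions, and the URL is the US Platform 1 server used throughout this guide.

```python
import urllib.request
from contextlib import contextmanager
from http.cookies import SimpleCookie
from urllib.parse import quote, urlencode

API = "https://qualysapi.qualys.com/api/2.0/fo"  # US Platform 1, as in this guide
CLIENT = "Python session example"                # X-Requested-With value (assumed)


def encode_fields(fields):
    """URL-encode name=value pairs, e.g. Peas+Carrots -> Peas%2BCarrots."""
    return urlencode(fields, quote_via=quote)


def http_post(url, fields, cookie=None):
    """POST the fields; return (list of response header pairs, body text)."""
    req = urllib.request.Request(
        url, data=encode_fields(fields).encode("ascii"), method="POST")
    req.add_header("X-Requested-With", CLIENT)   # required on every API call
    if cookie:
        req.add_header("Cookie", cookie)
    with urllib.request.urlopen(req, timeout=60) as resp:
        return resp.getheaders(), resp.read().decode("utf-8")


def session_cookie(headers):
    """Return 'QualysSession=<id>' from the login response's Set-Cookie."""
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            if "QualysSession" in jar:
                return "QualysSession=" + jar["QualysSession"].value
    raise RuntimeError("login response carried no QualysSession cookie")


@contextmanager
def qualys_session(username, password, post=http_post):
    """Log in, yield call(resource, **fields), and always log out.

    Take the credentials from a secret store or the environment rather than
    from source code. `post` is injectable so the flow can be tested offline.
    """
    headers, _ = post(f"{API}/session/", {
        "action": "login", "username": username, "password": password})
    cookie = session_cookie(headers)

    def call(resource, **fields):
        # Every resource request carries the session cookie from the login.
        return post(f"{API}/{resource}/", fields, cookie=cookie)[1]

    try:
        yield call
    finally:
        # Runs on success and on error, so no session is left open.
        post(f"{API}/session/", {"action": "logout"}, cookie=cookie)
```

Usage: `with qualys_session(user, password) as call: xml = call("report", action="list")`.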
Scans


Launch and manage vulnerability scans, compliance scans, discovery scans (maps). 
VM Scans | Compliance Scans | Cloud Perimeter Scans 
VM Scan Schedules | PC Scan Schedules 


Scan List Parameters | Scan Parameters | Cloud Perimeter Scan Parameters | Scan 
Schedule Parameters 


VM Scan Statistics 

VM Scan Summary 

Scanner Details 

Share PCI Scan 

Discovery Scans (maps) | Domain List | Add/Edit Domain 
VM Scans


The VM Scan API (/api/2.0/fo/scan/) is used to obtain a list of vulnerability scans in your 
account and to take actions on them like cancel, pause, resume, and fetch (download) 
finished results. 


Express Lite: This API is available to Express Lite users. 


Permissions 


User Role       Permissions

Manager         Manage scans on all IPs in the subscription.

Unit Manager    Launch, list and fetch scans on IPs in the user’s business
                unit. And take actions on scans launched by users in the
                same business unit (cancel, pause, resume and delete).

Scanner         Launch, list and fetch scans on IPs in the user’s account.
                And take actions on scans that the user owns (cancel,
                pause, resume and delete).

Reader          View scans with targets containing IPs in the user’s
                account. Download scan results when the target includes
                at least one IP in the user’s account.

Auditor         No permissions.


VM Scan List 
/api/2.0/fo/scan/?action=list 


[GET] [POST] 


List vulnerability scans in the user’s account. By default the XML output lists scans
launched in the past 30 days.


Input Parameters


The input parameters for requesting a VM scan list are shown below. See Scan List 
Parameters for complete details. 


Type                     Parameter List

Request                  action=list (required), echo_request

Scan List Filters        scan_ref, state, processed, type, target, user_login,
                         launched_after_datetime, launched_before_datetime,
                         scan_type=certview, scan_type=ec2certview, client_id and
                         client_name (only for Consultant type subscriptions)

Show/Hide Information    show_ags, show_op, show_status, show_last, ignore_target


Samples


List all scans in the user account.


curl -H "X-Requested-With: Curl Sample" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/?action=list&echo_request=1&show_ags=1&show_op=1"


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/scan/scan_list_output.dtd">
<SCAN_LIST_OUTPUT>
  <REQUEST>
    <DATETIME>2018-05-25T12:28:29Z</DATETIME>
    <USER_LOGIN>acme_ab</USER_LOGIN>
    <RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/scan/</RESOURCE>
    <PARAM_LIST>
      <PARAM>
        <KEY>action</KEY>
        <VALUE>list</VALUE>
      </PARAM>
      <PARAM>
        <KEY>echo_request</KEY>
        <VALUE>1</VALUE>
      </PARAM>
      <PARAM>
        <KEY>show_ags</KEY>
        <VALUE>1</VALUE>
      </PARAM>
      <PARAM>
        <KEY>show_op</KEY>
        <VALUE>1</VALUE>
      </PARAM>
    </PARAM_LIST>
  </REQUEST>
  <RESPONSE>
    <DATETIME>2018-05-25T12:28:29Z</DATETIME>
    <SCAN_LIST>
      <SCAN>
        <REF>scan/1187117392.587</REF>
        <TYPE>On-Demand</TYPE>
        <TITLE><![CDATA[Web Servers 09/25]]></TITLE>
        <USER_LOGIN>acme_ab</USER_LOGIN>
        <LAUNCH_DATETIME>2018-05-25-25T08:10:43Z</LAUNCH_DATETIME>
        <DURATION>00:05:16</DURATION>
        <PROCESSED>1</PROCESSED>
        <STATUS>
          <STATE>Finished</STATE>
        </STATUS>
        <TARGET><![CDATA[10.10.10.10-10.10.10.113]]></TARGET>
        <OPTION_PROFILE>
          <TITLE><![CDATA[Initial Options]]></TITLE>
          <DEFAULT_FLAG>1</DEFAULT_FLAG>
        </OPTION_PROFILE>
      </SCAN>
      <SCAN>
        <REF>scan/1169604974.6553</REF>
        <TYPE>Scheduled</TYPE>
        <TITLE><![CDATA[Web Servers]]></TITLE>
        <USER_LOGIN>acme_sb3</USER_LOGIN>
        <LAUNCH_DATETIME>2018-05-24T15:40:02Z</LAUNCH_DATETIME>
        <DURATION>00:05:16</DURATION>
        <PROCESSED>0</PROCESSED>
        <STATUS>
          <STATE>Finished</STATE>
        </STATUS>
        <TARGET><![CDATA[10.10.10.10-10.10.10.113]]></TARGET>
        <OPTION_PROFILE>
          <TITLE><![CDATA[Initial Options]]></TITLE>
          <DEFAULT_FLAG>1</DEFAULT_FLAG>
        </OPTION_PROFILE>
      </SCAN>
    </SCAN_LIST>
  </RESPONSE>
</SCAN_LIST_OUTPUT>

List all running scans that were launched by the user with the login ID “acme_ab”:


curl -H "X-Requested-With: Curl Sample" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/?action=list&state=Running&user_login=acme_ab"


List all scheduled scans that were launched after June 5, 2018.


curl -H "X-Requested-With: Curl Sample" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/?action=list&type=Scheduled&launched_after_datetime=2018-06-05"

List all scans for AFCO Company client (only for Consultant type subscriptions).


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/?action=list&client_name=AFCO+Company"


DTD 
<platform API server>/api/2.0/fo/scan/scan_list_output.dtd 


Launch VM Scan 
/api/2.0/fo/scan/?action=launch 
[POST] 


Launch vulnerability scan in the user’s account. 


Good to Know 


- The Launch Scan API is asynchronous. When you make a request to launch a scan using 
this API, the service will return a scan reference ID right away and the call will quit 
without waiting for the complete scan results. 


- When you launch a VM scan using the API, we check to see if the IPs in the scan target 
are available to the user making the scan request. To determine this, we check that each IP 
is in the subscription, in the VM license, and in the user's assigned scope. If any IP in the 
target is not available to the user, then it will be skipped from the scan job. 


For example, let’s say you specify the IP range 10.10.10.100-10.10.10.120, but IPs 
10.10.10.115 and 10.10.10.120 are not available to you. In this case, we will launch the scan 
on 10.10.10.100-10.10.10.114, 10.10.10.116-10.10.10.119, and we’ll skip 10.10.10.115 and 
10.10.10.120. 


- Using networks? Choose the Global Default Network to scan IPs on your network 
perimeter. 
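
Because unavailable IPs are skipped without failing the launch, it helps to preview the effective target before calling the API. The following is an added example, not code from this guide or from Qualys: it models the three availability checks described above locally and reproduces the 10.10.10.100-10.10.10.120 case. The function names and the three inventory strings are assumptions; in practice those lists would come from your own account data.

```python
import ipaddress

MAX_EXPANDED = 1 << 16  # hypothetical safety cap on how many addresses we enumerate


def expand(spec):
    """Expand 'a, b-c, ...' (IPv4 addresses and hyphenated ranges) into a set of ints."""
    ips = set()
    for entry in (e.strip() for e in spec.split(",")):
        if not entry:
            continue
        lo_s, sep, hi_s = entry.partition("-")
        lo = int(ipaddress.IPv4Address(lo_s.strip()))
        hi = int(ipaddress.IPv4Address(hi_s.strip())) if sep else lo
        if hi < lo:
            raise ValueError(f"range end precedes start: {entry!r}")
        if len(ips) + (hi - lo + 1) > MAX_EXPANDED:
            raise ValueError("target too large to enumerate locally")
        ips.update(range(lo, hi + 1))
    return ips


def collapse(ints):
    """Collapse integer addresses into the 'a-b' / 'a' range strings the guide uses."""
    runs, run = [], []
    for n in sorted(ints):
        if run and n != run[-1] + 1:
            runs.append(run)
            run = []
        run.append(n)
    if run:
        runs.append(run)
    out = []
    for r in runs:
        lo, hi = ipaddress.IPv4Address(r[0]), ipaddress.IPv4Address(r[-1])
        out.append(str(lo) if lo == hi else f"{lo}-{hi}")
    return out


def preview_launch(target, subscription, vm_license, user_scope):
    """Apply the three availability checks and report what would be scanned or skipped."""
    checks = {
        "not in subscription": expand(subscription),
        "not in VM license": expand(vm_license),
        "not in user's assigned scope": expand(user_scope),
    }
    requested = expand(target)
    scanned, skipped = set(), {}
    for ip in sorted(requested):
        failed = [reason for reason, allowed in checks.items() if ip not in allowed]
        if failed:
            skipped[str(ipaddress.IPv4Address(ip))] = failed
        else:
            scanned.add(ip)
    return {
        "scanned": collapse(scanned),
        "skipped": skipped,
        "coverage": len(scanned) / len(requested) if requested else 0.0,
    }


# Constructed inventory reproducing the guide's example: .115 is outside the
# user's assigned scope and .120 is outside the VM license.
EXAMPLE = preview_launch(
    target="10.10.10.100-10.10.10.120",
    subscription="10.10.10.0-10.10.10.255",
    vm_license="10.10.10.0-10.10.10.119",
    user_scope="10.10.10.100-10.10.10.114,10.10.10.116-10.10.10.120",
)

if __name__ == "__main__":
    print(EXAMPLE)
```

A coverage value below 1.0 means part of the requested target will not be assessed, which is worth recording alongside the scan reference.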
Input Parameters 


The input parameters for launching a VM scan are shown below. See Scan Parameters for 
complete details. 


Type                  Parameter List
Request               action=launch (required), echo_request,
                      runtime_http_header
Scan Title            scan_title
Option Profile        option_id or option_title
Scanner Appliance     iscanner_id or iscanner_name, ec2_instance_ids
Processing Priority   priority
Asset IPs/Groups      ip, asset_group_ids, asset_groups, exclude_ip_per_scan,
                      default_scanner, scanners_in_ag
Asset Tags            target_from=tags, use_ip_nt_range_tags_include,
                      use_ip_nt_range_tags_exclude, use_ip_nt_range_tags,
                      tag_include_selector, tag_exclude_selector, tag_set_by,
                      tag_set_exclude, tag_set_include
Network               ip_network_id (when the Network Support feature is
                      enabled)
Client                client_id and client_name (only for Consultant type
                      subscriptions)


Sample - Launch scan on IP address 


API request:
curl -H "X-Requested-With: Curl" -u "USERNAME:PASSWORD" -X "POST" \
  -d "action=launch&scan_title=My+Vulnerability+Scan&ip=10.10.10.10&option_id=43165&iscanner_name=scanner1" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/" > outputfile.txt


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2013-01-15T21:32:40Z</DATETIME>
    <TEXT>New vm scan launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
      <ITEM>
        <KEY>REFERENCE</KEY>
        <VALUE>scan/1358285558.36992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
Sample - Launch Scan Samples

API request (FQDN only):
curl -H "X-Requested-With: Curl" -u "USERNAME:PASSWD" -X "POST" \
  -d "action=launch&option_title=Initial+Options&fqdn=domain.qualys.com&iscanner_name=scanner_us" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/" > outputfile.txt


API request (FQDN and asset group):


curl -H "X-Requested-With: Curl" -u "USERNAME:PASSWD" -X "POST" \
  -d "action=launch&option_title=Initial+Options&fqdn=domain.qualys.com&iscanner_name=scanner_us&scan_title=My+Scan&asset_groups=My+AG" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/" > outputfile.txt


Sample - Launch scan using asset tags 


API request:
curl -H "X-Requested-With: Curl" -u "USERNAME:PASSWD" -X "POST" \
  -d "action=launch&scan_title=My+Vulnerability+Scan&target_from=tags&tag_set_by=name&tag_set_include=Windows&option_id=43165&iscanner_name=scanner1" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/" > file.txt


Sample - Launch scan using All Scanners in Network 
API request:


curl -u "username:password" -H "X-Requested-With:curl demo" \
  -d "action=launch&scan_title=scan3&option_title=Initial+Options&ip_network_id=12807913&scanners_in_network=1&asset_groups=AG1-GDN" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/"


Launch VM Scan on EC2 assets 
/api/2.0/fo/scan/?action=launch 


[POST] 


Launch vulnerability scan on your Amazon EC2 hosts (in your Amazon Web Services 
account). 


A few things to consider... 
- EC2 Scanning must be enabled for your Qualys account. 
- Managers and Unit Managers can launch EC2 scans. 


- Before scanning you'll need to complete some set up steps. See Securing Amazon Web 
Services with Qualys 
The input parameters for launching an EC2 scan are shown below. See Scan Parameters
for complete details.


Type                  Parameter List
Request               action=launch (required), echo_request
Scan Title            scan_title
EC2 environment       connector_name (required), ec2_endpoint (required)
Option Profile        option_id or option_title
Scanner Appliance     iscanner_id or iscanner_name
Processing Priority   priority
Target Hosts          Note: You can use either the ec2_instance_ids or tags
                      parameter, or both.

                      target_from=tags
                      Use tags to select the EC2 hosts you want to scan.

                      These parameters provide separate options for including
                      and excluding tags for network IP ranges.
                      use_ip_nt_range_tags_include={0|1} (default in bold)
                      Important - This cannot be set to “1” for EC2 scanning.
                      use_ip_nt_range_tags_exclude={0|1} (default in bold)
                      Important - This cannot be set to “1” for EC2 scanning.

                      This parameter has been replaced with the include/exclude
                      options above but it is still supported.
                      use_ip_nt_range_tags={0|1} (default in bold)
                      Important - This cannot be set to “1” for EC2 scanning.

                      These tag parameters are used to select tags:
                      tag_set_include={tag1,tag2,...} (required)
                      tag_set_exclude={tag1,tag2,...} (optional)
                      tag_include_selector={any|all} (default in bold)
                      tag_exclude_selector={any|all} (default in bold)
                      tag_set_by={id|name} (default in bold)

                      ec2_instance_ids={value}
                      The ID of the target EC2 instance on which to launch the
                      VM or compliance scan. Multiple EC2 instance IDs are
                      comma separated. You can add up to a maximum of 10
                      instance IDs.


Sample - Launch EC2 Vulnerability scan 


Launch an EC2 vulnerability scan using the connector “EC2_Connector” on assets that 
match tags with IDs 1558997 and 1559222. 


API request:


curl -H "X-Requested-With: Curl" -u "USERNAME:PASSWD" -X "POST" \
  -d "action=launch&scan_title=My+EC2+Scan&connector_name=EC2_Connector&ec2_endpoint=us-east-1&target_from=tags&use_ip_nt_range_tags=0&tag_include_selector=any&tag_set_by=id&tag_set_include=1558997,1559222&option_id=43165&iscanner_name=EC2-1" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/" > outputfile.txt
XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-02-25T21:32:40Z</DATETIME>
    <TEXT>New vm scan launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
      <ITEM>
        <KEY>REFERENCE</KEY>
        <VALUE>scan/1358285558.36992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Launch EC2 Vulnerability scan for EC2 instance 

Launch a VM scan on EC2 instances using the parameter ec2_instance_ids. 

This sample is for a vulnerability scan with a mix of valid and invalid instance IDs. The
scan is launched on the valid instance IDs and the invalid instance IDs are listed in the
output with the reasons they were considered invalid. Some did not belong to the EC2
environment and some were not activated for VM.


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" \
  -d "action=launch&scan_title=Sample2&connector_name=EC2 Connector&ec2_endpoint=us-east-1&option_title=Initial Options&iscanner_name=EC2 Scanner&ec2_instance_ids=i-01f234ce567ae890f,i-0be12cb3da4567e8a,i-0d1f23d4ba5c67e8b,i-0123e456f7890f123,i-012f3ceb4a5d6789d,i-0c123e4f567890123,i-012345a67bba89012,i-01ba23a45cba678af,i-012345678dfc90efe,i-0ab12e3456baadeb7" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/"


XML output: 


<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/scan/dtd/launch_output.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2021-11-19T09:13:21Z</DATETIME>
    <TEXT>New vm scan launched</TEXT>
    <NOTIFICATION>The following instances were skipped because they do
not belong to the selected EC2 environment: i-012f3ceb4a5d6789d,
i-0c123e4f567890123,i-012345a67bba89012. The following instances
were skipped because they are not activated for VM:
i-01ba23a45cba678af,i-012345678dfc90efe,
i-0ab12e3456baadeb7.</NOTIFICATION>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1140800</VALUE>
      </ITEM>
      <ITEM>
        <KEY>REFERENCE</KEY>
        <VALUE>scan/1637313199.40800</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
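
The launch call above succeeds even though six of the ten requested instances were skipped, so a caller that reads only the REFERENCE value will overstate its scan coverage. The following added example (not code from this guide or from Qualys) parses the launch response shown above and maps each skipped instance to the reason given in NOTIFICATION. The function names are assumptions, and the parser relies on the notification wording seen in this sample.

```python
import re
import xml.etree.ElementTree as ET

# Launch response from the sample above, with NOTIFICATION joined onto one line.
LAUNCH_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/scan/dtd/launch_output.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2021-11-19T09:13:21Z</DATETIME>
    <TEXT>New vm scan launched</TEXT>
    <NOTIFICATION>The following instances were skipped because they do not belong to the selected EC2 environment: i-012f3ceb4a5d6789d,i-0c123e4f567890123,i-012345a67bba89012. The following instances were skipped because they are not activated for VM: i-01ba23a45cba678af,i-012345678dfc90efe,i-0ab12e3456baadeb7.</NOTIFICATION>
    <ITEM_LIST>
      <ITEM><KEY>ID</KEY><VALUE>1140800</VALUE></ITEM>
      <ITEM><KEY>REFERENCE</KEY><VALUE>scan/1637313199.40800</VALUE></ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
"""

# The ec2_instance_ids value from the sample request.
REQUESTED = ("i-01f234ce567ae890f,i-0be12cb3da4567e8a,i-0d1f23d4ba5c67e8b,"
             "i-0123e456f7890f123,i-012f3ceb4a5d6789d,i-0c123e4f567890123,"
             "i-012345a67bba89012,i-01ba23a45cba678af,i-012345678dfc90efe,"
             "i-0ab12e3456baadeb7")

SKIP_MARK = "The following instances were skipped because "
INSTANCE_ID = re.compile(r"\bi-[0-9a-f]{8,17}\b")
SCAN_REF = re.compile(r"^scan/\d+\.\d+$")
MAX_INSTANCE_IDS = 10  # limit stated in the parameter table above


def parse_launch(xml_text):
    """Return the scan ID, scan reference and skipped instances from a launch response."""
    root = ET.fromstring(xml_text.strip())
    resp = root.find("RESPONSE") if root.tag == "SIMPLE_RETURN" else None
    if resp is None:
        raise ValueError("not a SIMPLE_RETURN response")
    items = {i.findtext("KEY"): (i.findtext("VALUE") or "").strip()
             for i in resp.iterfind("ITEM_LIST/ITEM")}
    ref = items.get("REFERENCE", "")
    if not SCAN_REF.match(ref):
        raise ValueError(f"no scan reference returned: {resp.findtext('TEXT')!r}")
    # Normalise whitespace, then split the text into one clause per skip reason.
    note = " ".join((resp.findtext("NOTIFICATION") or "").split())
    skipped = {}
    for clause in note.split(SKIP_MARK)[1:]:
        reason, _, ids = clause.partition(":")
        for instance in INSTANCE_ID.findall(ids):
            skipped[instance] = reason.strip()
    return {"id": items.get("ID"), "reference": ref, "skipped": skipped}


def coverage_gap(requested_ids, launch):
    """Split the requested instance IDs into those scanned and those skipped (with reason)."""
    requested = [r.strip() for r in requested_ids.split(",") if r.strip()]
    if len(requested) > MAX_INSTANCE_IDS:
        raise ValueError("ec2_instance_ids accepts at most 10 instance IDs")
    skipped = {r: launch["skipped"][r] for r in requested if r in launch["skipped"]}
    launched = [r for r in requested if r not in launch["skipped"]]
    return launched, skipped


if __name__ == "__main__":
    result = parse_launch(LAUNCH_XML)
    launched, skipped = coverage_gap(REQUESTED, result)
    print(result["reference"], "launched on", launched)
    for instance, reason in skipped.items():
        print("skipped", instance, "because", reason)
```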
Manage VM Scans
/api/2.0/fo/scan/?action={action}


Take actions on vulnerability scans in your account, like cancel, pause, resume, delete
and fetch completed scan results.


Parameter            Description
action={action}      (Required) One action required for the request:
                     cancel - Stop a scan in progress (POST method)
                     pause - Stop a scan in progress and change status to
                     “Paused” (POST method)
                     resume - Restart a scan that has been paused (POST method)
                     delete - Delete a scan in your account (POST method)
                     fetch - Download scan results for a scan with status of
                     “Finished”, “Canceled”, “Paused” or “Error” (GET or POST
                     method)
echo_request={0|1}   (Optional) Specify 1 to echo the input parameters in the
                     XML output. When unspecified, parameters are not listed in
                     the XML output.
scan_ref={value}     (Required) The scan reference for a vulnerability scan.
                     This will have the format: scan/nnnnnnnnnn.nnnnn

Input Parameters


Parameter             Description
action={action}       (Required) An action for the request:
                      cancel - stop a scan in progress, “Running” or “Paused”
                      pause - stop a scan in progress and change status to “Paused”
                      resume - restart a scan that has been paused
                      fetch - download scan results for a scan with the status
                      “Finished”, “Canceled”, “Paused” or “Error”.
echo_request={0|1}    (Optional) Specifies whether to echo the request’s input
                      parameters (names and values) in the XML output. When not
                      specified, parameters are not included in the XML output.
                      Specify 1 to view parameters in the XML output.
scan_ref={value}      (Required) Specifies a scan reference. A scan reference
                      has the format “scan/987659876.19876”.
ips={value}           (Optional for a fetch request) Show only certain IP
                      addresses/ranges in the scan results. One or more
                      IPs/ranges may be specified. A range entry is specified
                      using a hyphen (for example, 10.10.10.1-10.10.10.20).
                      Multiple entries are comma separated.
mode={brief|extended} (Optional for fetch request) The verbosity of the scan
                      results details: brief (the default) or extended. The
                      brief output includes this information: IP address, DNS
                      hostname, NetBIOS hostname, QID and scan test results if
                      applicable. The extended output includes the brief output
                      plus this extended information: protocol, port, an SSL
                      flag (“yes” is returned when SSL was used for the
                      detection, “no” is returned when SSL was not used), and
                      FQDN if applicable.
output_format={csv|json|csv_extended|json_extended}
                      (Optional for fetch request) The output format of the
                      vulnerability scan results. A valid value is: csv (the
                      default), json (for JavaScript Object Notation),
                      csv_extended, json_extended.
                      See Scan Results JSON for more information.
client_id={value}     (Optional for fetch request) Id assigned to the client
                      (Consultant type subscription only). Parameter client_id
                      or client_name may be specified for the same request.
client_name={value}   (Optional for fetch request) Name of the client
                      (Consultant type subscription only). Parameter client_id
                      or client_name may be specified for the same request.


Samples - Take actions on scans
Cancel a scan (POST method) is shown below.


curl -H "X-Requested-With: Curl Sample" \
  -d "action=cancel&scan_ref=234234234.12345" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/"


Pause a scan (POST method) is shown below.


curl -H "X-Requested-With: Curl Sample" \
  -d "action=pause&scan_ref=234234234.12345" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/"


Resume a scan (POST method) is shown below.


curl -H "X-Requested-With: Curl Sample" \
  -d "action=resume&scan_ref=234234234.12345" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/"


Fetch/download a scan result is shown below.


curl -H "X-Requested-With: Curl Sample" \
  -d "action=fetch&scan_ref=234234234.12345" \
  -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/"
DTD
<platform API server>/api/2.0/simple_return.dtd 


Compliance Scans 


The Compliance Scan API (/api/2.0/fo/scan/compliance/) is used to launch compliance 
scans, get a list of compliance scans in your account and manage them. The SCAP Scan 
API (/api/2.0/fo/scan/scap/) is used to get a list of SCAP scans in your account. 


Permissions 


Note: The Compliance Scan APIs are available as part of one of the following subscription 
combinations only: 


- PC and API add-on 
- PC, SCA, and API add-on 
- VMDR, SCA, and API add-on 


Role-based user permissions are described below. 


User Role      Permissions
Manager        Manage compliance scans on all compliance IPs in the
               subscription.
Unit Manager   When the "Manage compliance" permission is enabled in the
               user’s account settings: 1) ability to launch, list and fetch
               compliance scans on IPs in the user’s business unit, 2) ability
               to take actions on scans launched by users in the same business
               unit (cancel, pause, resume and delete).
Scanner        When the "Manage compliance" permission is enabled in the
               user’s account settings: 1) ability to launch, list and fetch
               compliance scans on IPs in the user’s account, 2) ability to
               take actions on scans that the user owns (cancel, pause, resume
               and delete).
Reader         No permissions to manage compliance scans.
Auditor        No permissions to manage compliance scans.
Compliance Scan List
/api/2.0/fo/scan/compliance/ with action=list
[GET] [POST]


List of compliance scans in your account. By default the XML output lists scans launched
in the past 30 days.


The input parameters for requesting a PC scan list are below. See Scan List Parameters for
complete details.


Type                Parameter List
Request             action=list (required), echo_request
Scan List Filters   scan_id (compliance scan ID), scan_ref, state, processed,
                    type, target, user_login, launched_after_datetime,
                    launched_before_datetime, client_id and client_name (only
                    for Consultant type subscriptions)
Show Information    show_ags, show_op, show_status, show_last


API Request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list&state=Finished&scan_ref=compliance/1344842952.1340" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/scan/scan_list_output.dtd">
<SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-06-12T07:28:46Z</DATETIME>
    <SCAN_LIST>
      <SCAN>
        <ID>3332486</ID>
        <REF>compliance/1344842952.1340</REF>
        <TYPE>Scheduled</TYPE>
        <TITLE><![CDATA[MY PC Scan]]></TITLE>
        <USER_LOGIN>USERNAME</USER_LOGIN>
        <LAUNCH_DATETIME>2018-05-13T07:30:09Z</LAUNCH_DATETIME>
        <DURATION>00:06:29</DURATION>
        <PROCESSED>1</PROCESSED>
        <STATUS>
          <STATE>Finished</STATE>
        </STATUS>
        <TARGET><![CDATA[10.10.25.50]]></TARGET>
      </SCAN>
    </SCAN_LIST>
  </RESPONSE>
</SCAN_LIST_OUTPUT>


DTD: 


<platform API server>/api/2.0/fo/scan/scan_list_output.dtd 


SCAP Scan List 


/api/2.0/fo/scan/scap/ with action=list 


[GET] [POST] 


List SCAP scans in your account. By default the XML output lists scans launched in the
past 30 days.


The input parameters for requesting a SCAP scan list are below. See Scan List Parameters
for complete details.


Type                Parameter List
Request             action=list (required), echo_request
Scan List Filters   scan_id (compliance scan ID), scan_ref, state, type, target,
                    user_login, launched_after_datetime,
                    launched_before_datetime
Show Information    show_ags, show_op, show_status, show_last


API request 1: all SCAP scans


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=list" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/scap/"


API request 2: SCAP scan by reference number


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=list&scan_ref=qscap/1402642816.80342" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/scap/"


API request 3: On Demand SCAP scans only


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=list&type=On-Demand" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/scap/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/scan/scap/qscap_scan_list_output.dtd">
<SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-06-13T22:56:19Z</DATETIME>
    <SCAN_LIST>
      <SCAN>
        <ID>6980366</ID>
        <REF>qscap/1402694682.80366</REF>
        <TYPE>On-Demand</TYPE>
        <TITLE><![CDATA[<IMG SRC="http://www.google.com/images/logos/ps_logo2.png">]]></TITLE>
        <POLICY>
          <ID>39298</ID>
          <TITLE><![CDATA[Policy A]]></TITLE>
        </POLICY>
        <USER_LOGIN>acme_ab</USER_LOGIN>
        <LAUNCH_DATETIME>2018-06-13T21:24:42Z</LAUNCH_DATETIME>
        <STATUS>
          <STATE>Finished</STATE>
        </STATUS>
        <TARGET><![CDATA[10.10.30.244, 10.10.34.222]]></TARGET>
      </SCAN>
    </SCAN_LIST>
  </RESPONSE>
</SCAN_LIST_OUTPUT>


DTD: 


<platform API server>/api/2.0/fo/scan/qscap_scan_list_output.dtd 
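
The SCAP sample above has a scan TITLE whose CDATA holds an HTML IMG tag, which shows that user-supplied titles come back verbatim and have to be escaped before they are shown in a dashboard or ticket. The following added example (not code from this guide or from Qualys) parses a scan list response, validates each scan reference against the formats used in this guide, flags scans whose state allows action=fetch, and escapes every field on output. The function and field names are assumptions.

```python
import html
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# SCAP scan list response from the sample above.
SCAN_LIST_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/scan/scap/qscap_scan_list_output.dtd">
<SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-06-13T22:56:19Z</DATETIME>
    <SCAN_LIST>
      <SCAN>
        <ID>6980366</ID>
        <REF>qscap/1402694682.80366</REF>
        <TYPE>On-Demand</TYPE>
        <TITLE><![CDATA[<IMG SRC="http://www.google.com/images/logos/ps_logo2.png">]]></TITLE>
        <POLICY><ID>39298</ID><TITLE><![CDATA[Policy A]]></TITLE></POLICY>
        <USER_LOGIN>acme_ab</USER_LOGIN>
        <LAUNCH_DATETIME>2018-06-13T21:24:42Z</LAUNCH_DATETIME>
        <STATUS><STATE>Finished</STATE></STATUS>
        <TARGET><![CDATA[10.10.30.244, 10.10.34.222]]></TARGET>
      </SCAN>
    </SCAN_LIST>
  </RESPONSE>
</SCAN_LIST_OUTPUT>
"""

# Reference formats shown in this guide: scan/..., compliance/..., qscap/...
REF_RE = re.compile(r"^(scan|compliance|qscap)/\d+\.\d+$")
# States for which the guide allows action=fetch.
FETCHABLE_STATES = {"Finished", "Canceled", "Paused", "Error"}


def parse_scan_list(xml_text):
    """Parse SCAN_LIST_OUTPUT into dicts; all text fields are kept raw (unescaped)."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "SCAN_LIST_OUTPUT":
        raise ValueError(f"unexpected root element {root.tag!r}")
    scans = []
    for node in root.iterfind("RESPONSE/SCAN_LIST/SCAN"):
        ref = (node.findtext("REF") or "").strip()
        if not REF_RE.match(ref):
            raise ValueError(f"unexpected scan reference {ref!r}")
        try:
            launched = datetime.strptime(
                (node.findtext("LAUNCH_DATETIME") or "").strip(), "%Y-%m-%dT%H:%M:%SZ"
            ).replace(tzinfo=timezone.utc)
        except ValueError:
            launched = None  # keep the record, flag the bad timestamp
        state = (node.findtext("STATUS/STATE") or "").strip()
        scans.append({
            "ref": ref,
            "title": node.findtext("TITLE") or "",  # direct child only, not POLICY/TITLE
            "user_login": (node.findtext("USER_LOGIN") or "").strip(),
            "launched": launched,
            "state": state,
            "fetchable": state in FETCHABLE_STATES,
            "targets": [t.strip() for t in (node.findtext("TARGET") or "").split(",") if t.strip()],
        })
    return scans


def render_row(scan):
    """Build an HTML table row; every API-supplied string is escaped before output."""
    cells = [scan["ref"], scan["title"], scan["user_login"], scan["state"]]
    return "<tr>" + "".join(f"<td>{html.escape(c, quote=True)}</td>" for c in cells) + "</tr>"


if __name__ == "__main__":
    for scan in parse_scan_list(SCAN_LIST_XML):
        print(render_row(scan))
```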
Launch Compliance Scan
/api/2.0/fo/scan/compliance/?action=launch 


[POST] 


Launch compliance scan in the user’s account. 
Using networks? Choose the Global Default Network to scan IPs on your network 
perimeter. 


Input Parameters 


The input parameters for launching a compliance scan are shown below. See Securing 
Amazon Web Services with Qualys 


Type                Parameter List
Request             action=launch (required), echo_request,
                    runtime_http_header
Scan Title          scan_title
Option Profile      option_id or option_title
Scanner Appliance   iscanner_id or iscanner_name
Asset IPs/Groups    ip, asset_group_ids, asset_groups, exclude_ip_per_scan,
                    default_scanner, scanners_in_ag
Asset Tags          target_from=tags, use_ip_nt_range_tags_include,
                    use_ip_nt_range_tags_exclude, use_ip_nt_range_tags,
                    tag_include_selector, tag_exclude_selector, tag_set_by,
                    tag_set_exclude, tag_set_include
Network             ip_network_id (when the Network Support feature is
                    enabled)
Client              client_id and client_name (only for Consultant type
                    subscriptions)


Sample - Launch a Compliance Scan 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=launch&ip=10.10.25.52&iscanner_name=iscan_er5&option_title=Initial+PC+Options&echo_request=1" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/" > apiOutputScan.txt


Sample - Launch a compliance scan using all scanners in network 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo 2" \
  -d "action=launch&scan_title=pc+scan+API&option_id=3262&ip_network_id=12807913&scanners_in_network=1&ip=10.10.10.10,10.10.10.11" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-06-15T21:55:36Z</DATETIME>
    <TEXT>New compliance scan launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>18198</VALUE>
      </ITEM>
      <ITEM>
        <KEY>REFERENCE</KEY>
        <VALUE>compliance/1473976536.18198</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Launch Compliance Scan on EC2 assets 
/api/2.0/fo/scan/compliance/?action=launch 
[POST] 


Launch a compliance scan on your Amazon EC2 hosts (in your Amazon Web Services 
account). 


A few things to consider... 
- EC2 Scanning must be enabled for your Qualys account. 
- Managers and Unit Managers can launch EC2 scans. 


- Before scanning you'll need to complete some set up steps. See Securing Amazon Web 
Services with Qualys 
Input Parameters


The input parameters for launching an EC2 scan are shown below. Please see Scan
Parameters for complete details.

Type                Parameter List
Request             action=launch (required), echo_request
Scan Title          scan_title
EC2 environment     connector_name (required), ec2_endpoint (required)
Option Profile      option_id or option_title
Scanner Appliance   iscanner_id or iscanner_name
Target Hosts        target_from=tags (required)
                    Use tags to select the EC2 hosts you want to scan.

                    These parameters provide separate options for including
                    and excluding tags for network IP ranges.
                    use_ip_nt_range_tags_include={0|1} (default in bold)
                    Important - This cannot be set to “1” for EC2 scanning.
                    use_ip_nt_range_tags_exclude={0|1} (default in bold)
                    Important - This cannot be set to “1” for EC2 scanning.

                    This parameter has been replaced with the include/exclude
                    options above but it is still supported.
                    use_ip_nt_range_tags={0|1} (default in bold)
                    Important - This cannot be set to “1” for EC2 scanning.

                    These tag parameters are used to select tags:
                    tag_set_include={tag1,tag2,...} (required)
                    tag_set_exclude={tag1,tag2,...} (optional)
                    tag_include_selector={any|all} (default in bold)
                    tag_exclude_selector={any|all} (default in bold)
                    tag_set_by={id|name} (default in bold)


Sample - Launch EC2 compliance scan 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=launch&scan_title=My+EC2+Scan+via+API&connector_name=EC2-Connector-Lab&ec2_endpoint=us-east-1&target_from=tags&tag_include_selector=any&tag_set_by=id&tag_set_include=270325&option_id=61769&iscanner_name=my-ec2-scanner" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <REQUEST>
    <DATETIME>2018-06-24T10:10:51Z</DATETIME>
    <USER_LOGIN>USERNAME</USER_LOGIN>
    <RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/</RESOURCE>
  </REQUEST>
  <RESPONSE>
    <DATETIME>2018-06-24T10:10:57Z</DATETIME>
    <TEXT>New compliance scan launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>2222345</VALUE>
      </ITEM>
      <ITEM>
        <KEY>REFERENCE</KEY>
        <VALUE>compliance/1347771234.36444</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Manage Compliance Scans
/api/2.0/fo/scan/compliance/?action={action}


Take actions on compliance scans in your account, like cancel, pause, resume, delete and
fetch completed scan results.


Parameter            Description
action={action}      (Required) One action required for the request:
                     cancel - Stop a scan in progress (POST method)
                     pause - Stop a scan in progress and change status to
                     “Paused” (POST method)
                     resume - Restart a scan that has been paused (POST
                     method)
                     delete - Delete a scan in your account (POST method)
                     fetch - Download scan results for a scan with status of
                     “Finished”, “Canceled”, “Paused” or “Error” (GET or POST
                     method)
echo_request={0|1}   (Optional) Specify 1 to echo the input parameters in the
                     XML output. When unspecified, parameters are not listed
                     in the XML output.
scan_ref={value}     (Required) The scan reference for a compliance scan. This
                     will have the format: compliance/nnnnnnnnnn.nnnnn
Sample - Fetch PC Scan Results


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/?action=fetch&scan_ref=compliance/1347709693.37303" > apiOutputScanFetch.txt


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE COMPLIANCE_SCAN_RESULT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/compliance_scan_result_output.dtd">
<COMPLIANCE_SCAN_RESULT_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-06-17T10:23:53Z</DATETIME>
    <COMPLIANCE_SCAN>
      <HEADER>
        <NAME><![CDATA[Compliance Scan Results]]></NAME>
        <GENERATION_DATETIME>2012-09-17T10:23:53Z</GENERATION_DATETIME>
        <COMPANY_INFO>
          <NAME><![CDATA[Qualys]]></NAME>
          <ADDRESS><![CDATA[1600 Bridge Parkway]]></ADDRESS>
          <CITY><![CDATA[Redwood Shores]]></CITY>
          <STATE><![CDATA[California]]></STATE>
          <COUNTRY><![CDATA[United States]]></COUNTRY>
          <ZIP_CODE><![CDATA[94065]]></ZIP_CODE>
        </COMPANY_INFO>
        <USER_INFO>
          <NAME><![CDATA[NAME]]></NAME>
          <USERNAME>USERNAME</USERNAME>
          <ROLE>Manager</ROLE>
        </USER_INFO>
        <KEY value="USERNAME">USERNAME</KEY>
        <KEY value="COMPANY"><![CDATA[Qualys]]></KEY>
        <KEY value="DATE">2018-06-15T11:49:08Z</KEY>
        <KEY value="TITLE"><![CDATA[My PC Scan]]></KEY>
        <KEY value="TARGET">10.10.10.29</KEY>
        <KEY value="EXCLUDED_TARGET"><![CDATA[N/A]]></KEY>
        <KEY value="DURATION">00:01:00</KEY>
        <KEY value="SCAN_HOST">10.10.21.122 (Scanner 6.6.28-1,
Vulnerability Signatures 2.2.215-2)</KEY>
        <KEY value="NBHOST_ALIVE">1</KEY>
        <KEY value="NBHOST_TOTAL">1</KEY>
        <KEY value="REPORT_TYPE">Scheduled</KEY>
        <KEY value="OPTIONS">File Integrity Monitoring: Enabled,
Scanned Ports: Standard Scan, Hosts to Scan in Parallel - External
Scanners: 15, Hosts to Scan in Parallel - Scanner Appliances: 30,
Total Processes to Run in Parallel: 10, HTTP Processes to Run in
Parallel: 10, Packet (Burst) Delay: Medium, Intensity: Normal, Overall
Performance: Normal, ICMP Host Discovery, Ignore RST packets: Off,
Ignore firewall-generated SYN-ACK packets: Off, Do not send ACK or
SYN-ACK packets during host discovery: Off</KEY>
        <KEY value="STATUS">FINISHED</KEY>
        <OPTION_PROFILE>
          <OPTION_PROFILE_TITLE
option_profile_default="0"><![CDATA[11412]]></OPTION_PROFILE_TITLE>
        </OPTION_PROFILE>
      </HEADER>
      <APPENDIX>
        <TARGET_HOSTS>
          <HOSTS_SCANNED>10.10.10.29</HOSTS_SCANNED>
        </TARGET_HOSTS>
        <TARGET_DISTRIBUTION>
          <SCANNER>
            <NAME><![CDATA[iscan_sx]]></NAME>
            <HOSTS>10.10.10.29</HOSTS>
          </SCANNER>
        </TARGET_DISTRIBUTION>
        <AUTHENTICATION>
          <AUTH>
            <TYPE>Windows</TYPE>
            <SUCCESS>
              <IP>10.10.10.29</IP>
            </SUCCESS>
          </AUTH>
        </AUTHENTICATION>
      </APPENDIX>
    </COMPLIANCE_SCAN>
  </RESPONSE>
</COMPLIANCE_SCAN_RESULT_OUTPUT>
Cloud Perimeter Scans
/api/2.0/fo/scan/cloud/perimeter/job/
[POST]


Cloud perimeter scans are available for VM and PC modules. Only Managers and Unit
Managers have permission to configure cloud perimeter scans.


The input parameters for requesting a Cloud Perimeter scan are below. See Cloud
Perimeter Scan Parameters for complete details.


Type                Parameter List
Request             action={create|update}
Scan List Filters   id, module, cloud_provider, cloud_service,
                    connector_name, connector_uuid, scan_title, active,
                    option_title, option_id, priority, scanner_id,
                    iscanner_name, platform_type, region_code, vpc_id,
                    tag_include_selector, tag_exclude_selector, tag_set_by,
                    tag_set_include, tag_set_exclude, elb_dns, schedule


Create/Update Cloud Perimeter Scan


We allow you to create/update a cloud perimeter scan job through Cloud Perimeter Scan
API even if no scan targets are resolved from the provided details. At the time of scan, if no
scan targets are resolved from the provided details, the scan will not be launched, and we
add the error in the Activity log and Run history of the schedule scan job.


API Request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=create&tag_set_by=name&tag_include_selector=any&tag_set_include=ec2-Virginia, Unassigned Business Unit&connector_name=conn1&region_code=us-east-1&active=1&option_title=Initial Options&module=vm&schedule=now&cloud_provider=aws&platform_type=classic&after_notify=1&after_notify_message=Scan Finished" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/cloud/perimeter/job/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-11T04:06:01Z</DATETIME>
    <TEXT>Scan has been created successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1352070</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Example - Create Cloud Perimeter Scan Job (Recurring Schedule)

API Request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=create&tag_set_by=name&tag_include_selector=any&tag_set_include=EC2 Targets&tag_exclude_selector=any&tag_set_exclude=EC2 Test&connector_name=EC2 Connector&region_code=us-east-1&active=0&occurrence=daily&start_date=04/02/2018&start_hour=10&start_minute=30&time_zone_code=IN&option_title=Initial Options&frequency_days=364&observe_dst=no&module=vm&schedule=recurring&cloud_provider=aws&platform_type=classic&after_notify=1&recipient_group_ids=4229" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/cloud/perimeter/job/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-11T05:01:42Z</DATETIME>
    <TEXT>Scan has been created successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1352071</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Example - Update Cloud Perimeter Scan Job

API Request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=update&id=1352071&connector_name=EC2Connector-2&platform_type=vpc_peered&region_code=us-west-1" \
  "https://qualysapi.qualys.com/api/2.0/fo/scan/cloud/perimeter/job/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-11T05:05:35Z</DATETIME>
    <TEXT>Scan has been updated successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1352071</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

DTD:

<platform API server>/api/2.0/fo/scan/simple_return.dtd
VM Scan Schedules


The Schedule Scan API (/api/2.0/fo/schedule/scan/) is used to define schedules for 
vulnerability scans in the user's account. 


Permissions 


User Role      Permissions

Manager        Create scan schedules for all assets in the subscription
               Remove all scan schedules
               View all scan schedules in the subscription

Unit Manager   Create scan schedules for assets in user's business unit
               Remove scan schedules in user's business unit
               View scan schedules in the subscription

Scanner        Create scan schedules for assets in user's account
               Remove user's scan schedules
               View scan schedules in the subscription

Readers        No permission to create or remove scan schedules
               View scan schedules in the subscription*

* Qualys includes an account permission setting that restricts Unit Managers, Scanners,
and Readers from viewing scheduled tasks on unassigned assets.


List scan schedules

/api/2.0/fo/schedule/scan/?action=list

[GET] [POST]

Input Parameters

Parameter                   Description

action=list                 (Required)

echo_request={0|1}          (Optional) Specify 1 to echo the request’s input parameters
                            (names and values) in the XML output. Otherwise parameters are
                            not displayed in the output.

id={value}                  (Optional) The ID of the scan schedule you want to display.

active={0|1}                (Optional) Specify 1 for active schedules only, or 0 for deactivated
                            schedules only.

show_notifications={0|1}    (Optional) Specify 1 to include the notification settings for each
                            schedule in the XML output.

scan_type=certview          (Optional) Launch a CertView type VM scan. This option will be
                            supported when CertView GA is released and enabled for your
                            account.

scan_type=ec2certview       (Optional) Launch a CertView type VM scan for EC2 assets.
fqdn={value}                (Optional) The target FQDN for a vulnerability scan. You must
                            specify at least one target i.e. IPs, asset groups or FQDNs.
                            Multiple values are comma separated.

show_cloud_details={0|1}    (Optional) Set to 1 to display the cloud details (Provider,
                            Connector, Scan Type and Cloud Target) in the XML output.
                            Otherwise the details are not displayed in the output.

client_id={value}           (Optional) Id assigned to the client (Consultant type subscription
                            only). Parameter client_id or client_name may be specified for
                            the same request.

client_name={value}         (Optional) Name of the client (Consultant type subscription
                            only). Parameter client_id or client_name may be specified for
                            the same request.

scan_type=perimeter         (Optional) List cloud perimeter scans only. This option will be
                            supported for Cloud Perimeter Scans in future release.

show_cloud_details={0|1}    (Optional) Set to 1 to display cloud details in the XML output. The
                            cloud details will show scan type "Cloud Perimeter" for cloud
                            perimeter scans.

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/?action=list&id=160642&show_notifications=1"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCHEDULE_SCAN_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/schedule_scan_list_output.dtd">
<SCHEDULE_SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-12-01T19:26:50Z</DATETIME>
    <SCHEDULE_SCAN_LIST>
      <SCAN>
        <ID>160642</ID>
        <ACTIVE>1</ACTIVE>
        <TITLE><![CDATA[My Daily Scan]]></TITLE>
        <USER_LOGIN>qualys_ps</USER_LOGIN>
        <TARGET><![CDATA[10.10.10.10-10.10.10.20]]></TARGET>
        <NETWORK_ID><![CDATA[0]]></NETWORK_ID>
        <ISCANNER_NAME><![CDATA[External Scanner]]></ISCANNER_NAME>
        <USER_ENTERED_IPS>
          <RANGE>
            <START>10.10.10.10</START>
            <END>10.10.10.20</END>
          </RANGE>
        </USER_ENTERED_IPS>
        <OPTION_PROFILE>
          <TITLE><![CDATA[Initial Options]]></TITLE>
          <DEFAULT_FLAG>1</DEFAULT_FLAG>
        </OPTION_PROFILE>
        <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>
        <SCHEDULE>
          <DAILY frequency_days="1" />
          <START_DATE_UTC>2017-11-30T00:30:00Z</START_DATE_UTC>
          <START_HOUR>16</START_HOUR>
          <START_MINUTE>30</START_MINUTE>
          <NEXTLAUNCH_UTC>2017-12-02T00:30:00</NEXTLAUNCH_UTC>
          <TIME_ZONE>
            <TIME_ZONE_CODE>US-CA</TIME_ZONE_CODE>
            <TIME_ZONE_DETAILS>(GMT-0800) United States: America/Los_Angeles</TIME_ZONE_DETAILS>
          </TIME_ZONE>
          <DST_SELECTED>1</DST_SELECTED>
        </SCHEDULE>
        <NOTIFICATIONS>
          <BEFORE_LAUNCH>
            <TIME>30</TIME>
            <UNIT><![CDATA[minutes]]></UNIT>
            <MESSAGE><![CDATA[This is my custom before scan email message.]]></MESSAGE>
          </BEFORE_LAUNCH>
          <AFTER_COMPLETE>
            <MESSAGE><![CDATA[This is my custom after scan email message.]]></MESSAGE>
          </AFTER_COMPLETE>
        </NOTIFICATIONS>
      </SCAN>
    </SCHEDULE_SCAN_LIST>
  </RESPONSE>
</SCHEDULE_SCAN_LIST_OUTPUT>


Example: Users can filter the schedule scan list to only show cloud perimeter scan jobs. 
Also, when you include cloud details in the output, we'll show scan type "Cloud 
Perimeter". 


API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/?action=list&id=1340788&scan_type=perimeter&show_cloud_details=1"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCHEDULE_SCAN_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/schedule_scan_list_output.dtd">
<SCHEDULE_SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-04-12T12:57:03Z</DATETIME>
    <SCHEDULE_SCAN_LIST>
      <SCAN>
        <ID>1340788</ID>
        <ACTIVE></ACTIVE>
        <TITLE><![CDATA[My External Scan]]></TITLE>
        <USER_LOGIN>utwrx_mp</USER_LOGIN>
        <TARGET><![CDATA[Asset Tags Included]]></TARGET>
        <ISCANNER_NAME><![CDATA[External Scanner]]></ISCANNER_NAME>
        <EC2_INSTANCE>
          <CONNECTOR_UUID><![CDATA[8047abce-c3ac-42e0-ad49-be4181d22c84]]></CONNECTOR_UUID>
          <EC2_ENDPOINT><![CDATA[1507b6c1-07a7-4d88-acf2-8c6b63e749c4]]></EC2_ENDPOINT>
          <EC2_ONLY_CLASSIC><![CDATA[1]]></EC2_ONLY_CLASSIC>
        </EC2_INSTANCE>
        <CLOUD_DETAILS>
          <PROVIDER>AWS</PROVIDER>
          <CONNECTOR>
            <ID>37361</ID>
            <UUID>8047abce-c3ac-42e0-ad49-be4181d22c84</UUID>
            <NAME><![CDATA[EC2 Connector]]></NAME>
          </CONNECTOR>
          <SCAN_TYPE>Cloud Perimeter</SCAN_TYPE>
          <CLOUD_TARGET>
            <PLATFORM>Classic</PLATFORM>
            <REGION>
              <UUID>1507b6c1-07a7-4d88-acf2-8c6b63e749c4</UUID>
              <CODE>us-east-1</CODE>
              <NAME><![CDATA[US East (N. Virginia)]]></NAME>
            </REGION>
            <VPC_SCOPE>None</VPC_SCOPE>
          </CLOUD_TARGET>
        </CLOUD_DETAILS>
        <ASSET_TAGS>
          <TAG_INCLUDE_SELECTOR>any</TAG_INCLUDE_SELECTOR>
          <TAG_SET_INCLUDE><![CDATA[EC2 Targets]]></TAG_SET_INCLUDE>
          <TAG_EXCLUDE_SELECTOR>any</TAG_EXCLUDE_SELECTOR>
          <TAG_SET_EXCLUDE><![CDATA[EC2_Test]]></TAG_SET_EXCLUDE>
          <USE_IP_NT_RANGE_TAGS>0</USE_IP_NT_RANGE_TAGS>
        </ASSET_TAGS>
        <ELB_DNS>
          <DNS><![CDATA[abc.com]]></DNS>
          <DNS><![CDATA[abc123.com]]></DNS>
        </ELB_DNS>
        <OPTION_PROFILE>
          <TITLE><![CDATA[Initial Options]]></TITLE>
          <DEFAULT_FLAG>1</DEFAULT_FLAG>
        </OPTION_PROFILE>
        <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>
        <SCHEDULE>
          <DAILY frequency_days="364" />
          <START_DATE_UTC>2018-04-02T05:00:00Z</START_DATE_UTC>
          <START_HOUR>10</START_HOUR>
          <START_MINUTE>30</START_MINUTE>
          <TIME_ZONE>
            <TIME_ZONE_CODE>IN</TIME_ZONE_CODE>
            <TIME_ZONE_DETAILS>(GMT+0530) India: Asia/Calcutta</TIME_ZONE_DETAILS>
          </TIME_ZONE>
          <DST_SELECTED>0</DST_SELECTED>
        </SCHEDULE>
      </SCAN>
    </SCHEDULE_SCAN_LIST>
  </RESPONSE>
</SCHEDULE_SCAN_LIST_OUTPUT>


DTD: 


<platform API server>/api/2.0/fo/schedule/scan/schedule_scan_list_output.dtd 
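The list output above can be audited for schedules that will not give regular scan coverage. The following is an added example, not code from Qualys or from this guide: it parses a SCHEDULE_SCAN_LIST_OUTPUT document and reports schedules that are not active, have no next launch time, or run less often than a chosen interval. The sample document is constructed by trimming the two outputs shown above; the function names and the 30-day threshold are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two SCAN records from the outputs above, trimmed to
# the elements this audit reads.
SAMPLE_LIST = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCHEDULE_SCAN_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/schedule_scan_list_output.dtd">
<SCHEDULE_SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-04-12T12:57:03Z</DATETIME>
    <SCHEDULE_SCAN_LIST>
      <SCAN>
        <ID>160642</ID>
        <ACTIVE>1</ACTIVE>
        <TITLE><![CDATA[My Daily Scan]]></TITLE>
        <USER_LOGIN>qualys_ps</USER_LOGIN>
        <TARGET><![CDATA[10.10.10.10-10.10.10.20]]></TARGET>
        <SCHEDULE>
          <DAILY frequency_days="1" />
          <NEXTLAUNCH_UTC>2017-12-02T00:30:00</NEXTLAUNCH_UTC>
        </SCHEDULE>
      </SCAN>
      <SCAN>
        <ID>1340788</ID>
        <ACTIVE></ACTIVE>
        <TITLE><![CDATA[My External Scan]]></TITLE>
        <USER_LOGIN>utwrx_mp</USER_LOGIN>
        <TARGET><![CDATA[Asset Tags Included]]></TARGET>
        <CLOUD_DETAILS>
          <PROVIDER>AWS</PROVIDER>
          <SCAN_TYPE>Cloud Perimeter</SCAN_TYPE>
        </CLOUD_DETAILS>
        <SCHEDULE>
          <DAILY frequency_days="364" />
        </SCHEDULE>
      </SCAN>
    </SCHEDULE_SCAN_LIST>
  </RESPONSE>
</SCHEDULE_SCAN_LIST_OUTPUT>
"""


def summarize_schedules(xml_text):
    """Return one dict per SCAN element in a schedule list document."""
    root = ET.fromstring(xml_text)
    if root.tag != "SCHEDULE_SCAN_LIST_OUTPUT":
        raise ValueError(f"unexpected root element {root.tag!r}")
    rows = []
    for scan in root.iterfind("RESPONSE/SCHEDULE_SCAN_LIST/SCAN"):
        daily = scan.find("SCHEDULE/DAILY")
        rows.append({
            "id": scan.findtext("ID"),
            "title": scan.findtext("TITLE"),
            "owner": scan.findtext("USER_LOGIN"),
            "target": scan.findtext("TARGET"),
            # An empty <ACTIVE></ACTIVE> is treated as not active.
            "active": scan.findtext("ACTIVE") == "1",
            # Present only when show_cloud_details=1 was requested.
            "scan_type": scan.findtext("CLOUD_DETAILS/SCAN_TYPE"),
            "next_launch": scan.findtext("SCHEDULE/NEXTLAUNCH_UTC"),
            "frequency_days": (int(daily.get("frequency_days"))
                               if daily is not None else None),
        })
    return rows


def coverage_gaps(rows, max_interval_days=30):
    """Map schedule ID to the reasons it may leave assets unscanned.

    max_interval_days is an assumed policy threshold, not a Qualys setting.
    """
    gaps = {}
    for row in rows:
        reasons = []
        if not row["active"]:
            reasons.append("not active")
        if row["next_launch"] is None:
            reasons.append("no next launch time")
        days = row["frequency_days"]
        if days is not None and days > max_interval_days:
            reasons.append(f"runs every {days} days")
        if reasons:
            gaps[row["id"]] = reasons
    return gaps


if __name__ == "__main__":
    for schedule_id, reasons in coverage_gaps(summarize_schedules(SAMPLE_LIST)).items():
        print(schedule_id, "; ".join(reasons))
```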
/api/2.0/fo/schedule/scan/?action=create

[POST]

Create a scan schedule in the user’s account.

Input Parameters

The input parameters for creating a scan schedule are below. For complete details see
Scan Parameters and Scan Schedule Parameters.

Type                  Parameter List

Request               action=create (required), echo_request

Scan                  scan_title (required), active=0|1 (required)

Option Profile        option_id or option_title (one is required)

Scanner Appliance     iscanner_id or iscanner_name

Processing Priority   priority

Asset IPs/Groups      ip, asset_group_ids, asset_groups, exclude_ip_per_scan,
                      default_scanner, scanners_in_ag

Asset Tags            target_from=tags, tag_include_selector,
                      tag_exclude_selector, tag_set_by, tag_set_exclude,
                      tag_set_include, use_ip_nt_range_tags_include,
                      use_ip_nt_range_tags_exclude, use_ip_nt_range_tags

Network               ip_network_id to filter IPs/ranges in “ip” parameter (valid
                      when the networks feature is enabled)

EC2 Hosts             target_from=tags (required)
                      use_ip_nt_range_tags_include=0 (optional)
                      use_ip_nt_range_tags_exclude=0 (optional)
                      use_ip_nt_range_tags=0 (optional)
                      tag_set_include (required)
                      More Asset Tags parameters (optional)

EC2 Environment       connector_name or connector_uuid (one is required)
                      ec2_endpoint (required)

Scheduling            start_date (current date by default)
                      start_hour, start_minute, time_zone_code, occurrence
                      (required)
                      observe_dst, recurrence, end_after, pause_after_hours,
                      resume_in_days

Daily Scan            occurrence=daily, frequency_days (required)

Weekly Scan           occurrence=weekly, frequency_weeks, weeks (required)

Monthly Scan          occurrence=monthly, frequency_months (required)
                      Nth day of month: day_of_month (required)
                      Day in Nth week: day_of_week, week_of_month (required)

Notifications         before_notify, before_notify_unit, before_notify_time,
                      before_notify_message, after_notify, after_notify_message,
                      recipient_group_ids, delay_notify, delay_notify_message
                      skipped_notify, skipped_notify_message, deactivate_notify,
                      deactivate_notify_message


Sample - Create scan schedule

API request:

curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -X "POST" \
  -d "scan_title=My+Scan+Schedule&active=1&option_id=3456&target_from=tags&tag_set_include=tag1,tag2,tag3&iscanner_name=scanner1&occurrence=daily&frequency_days=5&time_zone_code=US-CA&observe_dst=yes&start_hour=14&start_minute=0" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/?action=create"


Sample - Create Scan Schedule, Cancel after 45 minutes

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=create&scan_title=My Weekly Scan&option_title=InitialOptions&ip=10.20.31.73,10.20.31.106&active=1&occurrence=weekly&start_hour=13&start_minute=30&time_zone_code=IN&frequency_weeks=1&weekdays=Sunday&end_after=0&end_after_mins=45&iscanner_name=scanner1,scanner2&before_notify=1&before_notify_unit=hours&before_notify_time=20&recipient_group_ids=4228,5628" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-01-02T21:32:40Z</DATETIME>
    <TEXT>New scan scheduled successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Create scan schedule using all scanners in network

API request:

curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl demo 2" \
  -d "action=create&scan_title=API+Schedule+scan&option_title=Initial+options&ip_network_id=12807913&scanners_in_network=1&ip=10.10.10.10,10.10.10.11&occurrence=monthly&frequency_months=12&day_of_month=20&start_minute=00&start_hour=22&time_zone_code=IN&observe_dst=no&pause_after_hours=3&resume_in_days=4&recurrence=5&start_date=08/20/2016&active=1" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-20T21:32:40Z</DATETIME>
    <TEXT>New scan scheduled successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Create scan schedule (with FQDN and asset group)

API request:

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=create&scan_title=My+Schedule&active=1&time_zone_code=US-OR&start_hour=18&start_minute=50&occurrence=daily&option_title=Initial+Options&frequency_days=1&asset_groups=My+AG&fqdn=domain.qualys.com" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/"
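The create samples above pass credentials and parameters on the curl command line. The following is an added example, not code from Qualys or from this guide: it checks a parameter set against the required combinations in the create table before anything is sent, builds the equivalent POST request, and reads the schedule ID out of the SIMPLE_RETURN reply. Function names and the header value are assumptions, "weekdays" follows the weekly sample (the create table lists it as "weeks"), and the sample reply is the one shown for the weekly schedule.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

API_URL = "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/"

# Required parameters, from the "Type / Parameter List" table for action=create.
ALWAYS_REQUIRED = ("scan_title", "active", "occurrence",
                   "start_hour", "start_minute", "time_zone_code")
OCCURRENCE_REQUIRED = {
    "daily": ("frequency_days",),
    "weekly": ("frequency_weeks", "weekdays"),  # name as used in the samples
    "monthly": ("frequency_months",),
}

# Parameters of the "Cancel after 45 minutes" sample above.
SAMPLE_PARAMS = {
    "scan_title": "My Weekly Scan", "option_title": "InitialOptions",
    "ip": "10.20.31.73,10.20.31.106", "active": 1, "occurrence": "weekly",
    "start_hour": 13, "start_minute": 30, "time_zone_code": "IN",
    "frequency_weeks": 1, "weekdays": "Sunday",
    "end_after": 0, "end_after_mins": 45,
}
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-01-02T21:32:40Z</DATETIME>
    <TEXT>New scan scheduled successfully</TEXT>
    <ITEM_LIST>
      <ITEM><KEY>ID</KEY><VALUE>136992</VALUE></ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
"""


def validate_create(params):
    """Return a list of problems; an empty list means the set is complete."""
    problems = [f"missing {name}" for name in ALWAYS_REQUIRED if name not in params]
    if "active" in params and str(params["active"]) not in ("0", "1"):
        problems.append("active must be 0 or 1")
    if "option_id" not in params and "option_title" not in params:
        problems.append("one of option_id or option_title is required")
    occurrence = params.get("occurrence")
    if occurrence is not None and occurrence not in OCCURRENCE_REQUIRED:
        problems.append(f"unknown occurrence {occurrence!r}")
    for name in OCCURRENCE_REQUIRED.get(occurrence, ()):
        if name not in params:
            problems.append(f"missing {name}")
    if occurrence == "monthly":
        nth_day = "day_of_month" in params
        nth_week = "day_of_week" in params and "week_of_month" in params
        if not (nth_day or nth_week):
            problems.append("monthly needs day_of_month, or day_of_week with week_of_month")
    return problems


def build_create_request(params, username, password):
    """Build (but do not send) the POST that the curl samples issue.

    Pass credentials from a secret store or the environment so they never
    appear in a process listing or shell history.
    """
    problems = validate_create(params)
    if problems:
        raise ValueError("; ".join(problems))
    body = urllib.parse.urlencode({"action": "create", **params}).encode("ascii")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return urllib.request.Request(
        API_URL, data=body, method="POST",
        headers={"X-Requested-With": "python-example",
                 "Authorization": f"Basic {token}"})


def parse_simple_return(xml_text):
    """Extract DATETIME, TEXT and the KEY/VALUE items from a SIMPLE_RETURN reply."""
    root = ET.fromstring(xml_text)
    if root.tag != "SIMPLE_RETURN":
        raise ValueError(f"unexpected root element {root.tag!r}")
    response = root.find("RESPONSE")
    if response is None:
        raise ValueError("reply has no RESPONSE element")
    items = {item.findtext("KEY"): item.findtext("VALUE")
             for item in response.iterfind("ITEM_LIST/ITEM")}
    return {"datetime": response.findtext("DATETIME"),
            "text": response.findtext("TEXT"),
            "items": items}


if __name__ == "__main__":
    request = build_create_request(SAMPLE_PARAMS, "USERNAME", "PASSWORD")
    print(request.get_method(), request.full_url)
    print(parse_simple_return(SAMPLE_RESPONSE)["items"]["ID"])
```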
Update a scan schedule

/api/2.0/fo/schedule/scan/?action=update

[POST]


Update a scan schedule in the user’s account. During an update request you must specify 
target_from=assets when fqdn is specified in the same request. This is true for 
vulnerability scans and CertView type vulnerability scans. 


When fqdn is not specified during an update request for a scheduled scan that already 
has fqdn defined, we will keep the existing value. 


Input Parameters 


The input parameters for updating a scan schedule are below. For complete details see 
Scan Parameters and Scan Schedule Parameters. 


Type                  Parameter List

Request               action=update (required), id (required), echo_request

Scan Title            scan_title

Status                active=0|1

Option Profile        option_id or option_title

Scanner Appliance     iscanner_id, iscanner_name, default_scanner,
                      scanners_in_ag, scanners_in_network, scanners_in_tagset

Processing Priority   priority

Asset IPs/Groups      ip, asset_group_ids or asset_groups, exclude_ip_per_scan

Asset Tags            target_from=tags, use_ip_nt_range_tags_include,
                      use_ip_nt_range_tags_exclude, use_ip_nt_range_tags,
                      tag_include_selector, tag_exclude_selector, tag_set_by,
                      tag_set_exclude, tag_set_include

EC2 Environment       connector_name or connector_uuid, ec2_endpoint,
                      ec2_only_classic

Network               ip_network_id (when the Network Support feature is
                      enabled)

Start Time            Must be specified together:
                      set_start_time=1, start_date, start_hour, start_minute,
                      time_zone_code, observe_dst

Recurrence            recurrence

Daily Scan            Must be specified together:
                      occurrence=daily, frequency_days

Weekly Scan           Must be specified together:
                      occurrence=weekly, frequency_weeks, weekdays

Monthly Scan          Must be specified together:
                      occurrence=monthly, frequency_months,
                      Nth day of month: day_of_month,
                      Day in Nth week: day_of_week, week_of_month

End                   end_after, end_after_mins

Pause and Resume      pause_after_hours, pause_after_mins, resume_in_days,
                      resume_in_hours

Notifications         before_notify, before_notify_unit, before_notify_time,
                      before_notify_message, after_notify, after_notify_message,
                      recipient_group_ids, delay_notify, delay_notify_message,
                      skipped_notify, skipped_notify_message, deactivate_notify,
                      deactivate_notify_message


Sample - Update scan schedule, Pause after 15 minutes

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=update&id=146754&pause_after_hours=0&pause_after_mins=15&resume_in_days=2&resume_in_hours=5" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-01-14T11:57:42Z</DATETIME>
    <TEXT>Edit scheduled Scan Completed successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>146754</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Delete scan schedule

/api/2.0/fo/schedule/scan/?action=delete

[POST]

Delete a scan schedule in the user's account.


Input Parameters 


Parameter             Description

action=delete         (Required)

echo_request={0|1}    (Optional) Specify 1 to echo the request’s input parameters
                      (names and values) in the XML output. Otherwise parameters are
                      not displayed in the output.

id={value}            (Optional) The ID of the scan schedule you want to delete.

Sample - Delete scan schedule

API request:

curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -X "POST" \
  -d "id=123456" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/?action=delete"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-05-30T21:32:40Z</DATETIME>
    <TEXT>Schedule scan deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>123456</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
PC Scan Schedules

The PC Schedule Scan API (/api/2.0/fo/schedule/scan/compliance) allows you to create,
update, list, and delete schedule scans for Policy Compliance.

Permissions

Note: The PC Scan schedule APIs are available as part of one of the following subscription
combinations only:

- PC and API add-on
- PC, SCA, and API add-on
- VMDR, SCA, and API add-on

User Role      Permissions

Manager        Create scan schedules for all assets in the subscription
               Remove all scan schedules
               View all scan schedules in the subscription

Unit Manager   Create scan schedules for assets in user’s business unit
               Remove scan schedules in user’s business unit
               View scan schedules in the subscription*

Scanner        Create scan schedules for assets in user’s account
               Remove user’s scan schedules
               View scan schedules in the subscription*

Readers        No permission to create or remove scan schedules
               View scan schedules in the subscription*

* Qualys includes an account permission setting that restricts Unit Managers, Scanners,
and Readers from viewing scheduled tasks on unassigned assets.
/api/2.0/fo/schedule/scan/compliance/?action=list

[GET]

Input Parameters

Parameter                   Description

action=list                 (Required)

echo_request={0|1}          (Optional) Specify 1 to echo the request’s input parameters
                            (names and values) in the XML output. Otherwise parameters are
                            not displayed in the output.

id={value}                  (Optional) The ID of the scan schedule you want to display.

active={0|1}                (Optional) Specify 1 for active schedules only, or 0 for deactivated
                            schedules only.

show_notifications={0|1}    (Optional) Specify 1 to include the notification settings for each
                            schedule in the XML output.

show_cloud_details={0|1}    (Optional) Set to 1 to display the cloud details (Provider,
                            Connector, Scan Type and Cloud Target) in the XML output.
                            Otherwise the details are not displayed in the output.

client_id={value}           (Optional) Id assigned to the client (Consultant type subscription
                            only). Parameter client_id or client_name may be specified for
                            the same request.

client_name={value}         (Optional) Name of the client (Consultant type subscription
                            only). Parameter client_id or client_name may be specified for
                            the same request.
API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/compliance/?action=list"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE COMPLIANCE_SCHEDULE_SCAN_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/compliance/compliance_schedule_scan_list_output.dtd">
<COMPLIANCE_SCHEDULE_SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2019-11-19T10:10:58Z</DATETIME>
    <COMPLIANCE_SCHEDULE_SCAN_LIST>
      <SCAN>
        <ID>57363</ID>
        <ACTIVE>1</ACTIVE>
        <TITLE><![CDATA[My Scan Schedule api6]]></TITLE>
        <USER_LOGIN>quays_sp1</USER_LOGIN>
        <TARGET><![CDATA[10.10.10.185]]></TARGET>
        <NETWORK_ID><![CDATA[0]]></NETWORK_ID>
        <ISCANNER_NAME><![CDATA[pyscandsp]]></ISCANNER_NAME>
        <ASSET_GROUP_TITLE_LIST>
          <ASSET_GROUP_TITLE><![CDATA[policyred7]]></ASSET_GROUP_TITLE>
        </ASSET_GROUP_TITLE_LIST>
        <OPTION_PROFILE>
          <TITLE><![CDATA[duplicate I0]]></TITLE>
          <DEFAULT_FLAG>0</DEFAULT_FLAG>
        </OPTION_PROFILE>
        <SCHEDULE>
          <DAILY frequency_days="5" />
          <START_DATE_UTC>2019-11-19T22:00:00Z</START_DATE_UTC>
          <START_HOUR>14</START_HOUR>
          <START_MINUTE>0</START_MINUTE>
          <NEXTLAUNCH_UTC>2019-11-19T22:00:00</NEXTLAUNCH_UTC>
          <TIME_ZONE>
            <TIME_ZONE_CODE>US-CA</TIME_ZONE_CODE>
            <TIME_ZONE_DETAILS>(GMT-0800) United States: America/Los_Angeles</TIME_ZONE_DETAILS>
          </TIME_ZONE>
          <DST_SELECTED>1</DST_SELECTED>
        </SCHEDULE>
        <NOTIFICATIONS />
      </SCAN>
    </COMPLIANCE_SCHEDULE_SCAN_LIST>
  </RESPONSE>
</COMPLIANCE_SCHEDULE_SCAN_LIST_OUTPUT>
DTD:

<platform API server>/api/2.0/fo/schedule/scan/compliance/compliance_schedule_scan_list_output.dtd

Create a Compliance Scan Schedule 
/api/2.0/fo/schedule/scan/compliance/?action=create 
[POST] 


Create a scan schedule in the user’s account. 


Input Parameters 


The input parameters for creating a scan schedule are below. For complete details see 
Scan Parameters and Scan Schedule Parameters. 


Type                  Parameter List

Request               action=create (required),
                      echo_request={0|1} (Optional) Specify 1 to echo the request’s
                      input parameters (names and values) in the XML output. Otherwise
                      parameters are not displayed in the output.

Scan                  scan_title (required), active=0|1 (required)

Compliance Profile    option_id or option_profile (one is required)

Scanner Appliance     iscanner_id or iscanner_name

Asset IPs/Groups      ip, asset_group_ids, asset_groups, exclude_ip_per_scan,
                      default_scanner, scanners_in_ag

Asset Tags            target_from=tags, tag_include_selector,
                      tag_exclude_selector, tag_set_by, tag_set_exclude,
                      tag_set_include, use_ip_nt_range_tags_include,
                      use_ip_nt_range_tags_exclude, use_ip_nt_range_tags

Network               ip_network_id to filter IPs/ranges in “ip” parameter (valid
                      when the networks feature is enabled)

Scheduling            start_date (current date by default)
                      start_hour, start_minute, time_zone_code, occurrence
                      (required)
                      observe_dst, recurrence, end_after, pause_after_hours,
                      resume_in_days

Daily Scan            occurrence=daily, frequency_days (required)

Weekly Scan           occurrence=weekly, frequency_weeks, weeks (required)

Monthly Scan          occurrence=monthly, frequency_months (required)
                      Nth day of month: day_of_month (required)
                      Day in Nth week: day_of_week, week_of_month (required)

Notifications         before_notify, before_notify_unit, before_notify_time,
                      before_notify_message, after_notify, after_notify_message,
                      recipient_group_ids, delay_notify, delay_notify_message
                      skipped_notify, skipped_notify_message, deactivate_notify,
                      deactivate_notify_message


Sample - Create compliance scan schedule

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/compliance/?action=create&scan_title=My+Scan+Schedule+api6&active=1&option_id=70960&asset_groups=policyred7&iscanner_name=pyscandsp&occurrence=daily&frequency_days=5&time_zone_code=US-CA&observe_dst=yes&start_hour=14&start_minute=0"


XML output:

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-11-19T11:14:19Z</DATETIME>
    <TEXT>New compliance scan scheduled successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>57368</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Create compliance scan schedule and cancel after 45 minutes

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/compliance/?action=create&scan_title=My+Weekly+Scan&option_title=nordea+windows&ip=10.10.10.10&active=1&occurrence=weekly&start_hour=13&start_minute=30&time_zone_code=IN&frequency_weeks=1&weekdays=Sunday&end_after=0&end_after_mins=45&iscanner_name=pyscandsp&before_notify=1&before_notify_unit=hours&before_notify_time=20"

XML output:

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-11-21T08:06:49Z</DATETIME>
    <TEXT>New compliance scan scheduled successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>57369</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Create compliance scan schedule using all scanners in network

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/compliance/?action=create&scan_title=API+Schedule+scan&option_title=nordea+windows&ip_network_id=52010&scanners_in_network=1&ip=10.10.10.10,10.10.10.11&occurrence=monthly&frequency_months=12&day_of_month=20&start_minute=00&start_hour=22&time_zone_code=IN&observe_dst=no&pause_after_hours=3&resume_in_days=4&recurrence=5&start_date=08/20/2020&active=1"


XML output:

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-11-21T08:26:00Z</DATETIME>
    <TEXT>New compliance scan scheduled successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>57370</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
Sample - Create EC2 compliance scan schedule

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
  "https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/compliance/?action=create&scan_title=API+Schedule+EC2+PC&target_from=tags&tag_set_by=name&tag_include_selector=any&tag_set_include=Auth&connector_name=AWS+Connector&ec2_endpoint=us-east-1&active=0&occurrence=daily&start_date=05/21/2020&start_hour=20&start_minute=30&time_zone_code=IN&option_title=Initial+PC+Options&frequency_days=364&end_after=1&observe_dst=no&iscanner_name=EC2+Scanner"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2020-06-07T22:09:26Z</DATETIME>
    <TEXT>New compliance scan scheduled successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>279256</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
Update a Compliance Scan Schedule


/api/2.0/fo/schedule/scan/compliance/?action=update&id=<id> 


[POST] 


Update a scan schedule in the user’s account. 


Input Parameters 


The input parameters for updating a scan schedule are below. For complete details see 
Scan Parameters and Scan Schedule Parameters. 


Type                  Parameter List

Request               action=update (required)

echo_request={0|1}    (Optional) Specify 1 to echo the request’s input parameters
                      (names and values) in the XML output. Otherwise
                      parameters are not displayed in the output.

Scan Title            scan_title

id={value}            (Required) The ID of the scan schedule you want to update.

Status                active=0|1

Compliance Profile    option_id or option_title

Scanner Appliance     iscanner_id, iscanner_name, default_scanner,
                      scanners_in_ag, scanners_in_network, scanners_in_tagset

Asset IPs/Groups      ip, asset_group_ids or asset_groups, exclude_ip_per_scan

Asset Tags            target_from=tags, use_ip_nt_range_tags_include,
                      use_ip_nt_range_tags_exclude, use_ip_nt_range_tags,
                      tag_include_selector, tag_exclude_selector, tag_set_by,
                      tag_set_exclude, tag_set_include

Network               ip_network_id (when the Network Support feature is
                      enabled)

Start Time            Must be specified together:
                      set_start_time=1, start_date, start_hour, start_minute,
                      time_zone_code, observe_dst

recurrence={value}    (Optional) The number of times the scan will be run before
                      it is deactivated. For example, if you set recurrence=2, the
                      scan schedule will be deactivated after it runs 2 times. By
                      default no value is set. A valid value is an integer from 1 to
                      99.

Daily Scan            Must be specified together:
                      occurrence=daily, frequency_days

Weekly Scan           Must be specified together:
                      occurrence=weekly, frequency_weeks, weekdays

Monthly Scan          Must be specified together:
                      occurrence=monthly, frequency_months,
                      Nth day of month: day_of_month,
                      Day in Nth week: day_of_week, week_of_month

End                   end_after, end_after_mins

Pause and Resume      pause_after_hours, pause_after_mins, resume_in_days,
                      resume_in_hours

Notifications         before_notify, before_notify_unit, before_notify_time,
                      before_notify_message, after_notify, after_notify_message,
                      recipient_group_ids, delay_notify, delay_notify_message,
                      skipped_notify, skipped_notify_message, deactivate_notify,
                      deactivate_notify_message

Sample - Update compliance scan schedule.


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/compliance/?action=update&id=57360&option_id=39594"


XML output:


<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-11-19T12:04:44Z</DATETIME>
    <TEXT>Edit scheduled Scan Completed successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>57360</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Delete a Compliance Scan Schedule


/api/2.0/fo/schedule/scan/compliance/?action=delete&id=<id> 


[POST] 


Delete a scan schedule in the user’s account. 


Input Parameters 


Parameter Description 

action=delete (Required) 

id={value} (Required) The ID of the scan schedule you want to delete. 
echo_request={0|1} (Optional) Specify 1 to echo the request’s input parameters
(names and values) in the XML output. Otherwise parameters are
not displayed in the output.


Sample - Delete compliance scan schedule


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/schedule/scan/compliance/?action=delete&id=57360"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-11-19T12:10:45Z</DATETIME>
    <TEXT>Schedule scan deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>57360</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
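
Client-side handling of the SIMPLE_RETURN responses shown in the update and delete samples, as an added example that is not part of the Qualys guide: it parses the document, refuses entity declarations, and confirms that the returned ID is the schedule the request named. The function names and the embedded sample (constructed, modelled on the delete response) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the delete response in this section.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-11-19T12:10:45Z</DATETIME>
    <TEXT>Schedule scan deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>57360</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
"""


class SimpleReturnError(ValueError):
    """Raised when a response is not a usable SIMPLE_RETURN document."""


def parse_simple_return(xml_bytes):
    """Parse a SIMPLE_RETURN document.

    Returns {"fields": {tag: text}, "items": {KEY: VALUE}} where "fields"
    holds every scalar child of RESPONSE (DATETIME, TEXT, ...).
    """
    # The response format needs no entity declarations, so refuse them
    # before the bytes reach the XML parser. The external DTD named in the
    # DOCTYPE is not fetched by ElementTree.
    if b"<!ENTITY" in xml_bytes:
        raise SimpleReturnError("entity declarations are not accepted")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise SimpleReturnError(f"malformed XML: {exc}") from exc
    if root.tag != "SIMPLE_RETURN":
        raise SimpleReturnError(f"unexpected root element {root.tag!r}")
    response = root.find("RESPONSE")
    if response is None:
        raise SimpleReturnError("missing RESPONSE element")

    fields, items = {}, {}
    for child in response:
        if child.tag == "ITEM_LIST":
            for item in child.findall("ITEM"):
                key = item.findtext("KEY")
                if key is None:
                    raise SimpleReturnError("ITEM without KEY")
                items[key.strip()] = (item.findtext("VALUE") or "").strip()
        else:
            fields[child.tag] = (child.text or "").strip()
    return {"fields": fields, "items": items}


def confirm_schedule_id(xml_bytes, expected_id):
    """Return True only when the response names the schedule acted on."""
    parsed = parse_simple_return(xml_bytes)
    return parsed["items"].get("ID") == str(expected_id)


if __name__ == "__main__":
    print(parse_simple_return(SAMPLE_RESPONSE))
    print("ID confirmed:", confirm_schedule_id(SAMPLE_RESPONSE, 57360))
```

A truncated body, such as one cut off inside the closing VALUE tag, raises SimpleReturnError instead of yielding a partial result.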


Scan List Parameters


Request type 


Parameter 


Description 


action=list 


(Required) A flag used to make a request for a scan list. 


echo_request={0|1}


(Optional) Specifies whether to echo the request’s input 
parameters (names and values) in the XML output. When not 
specified, parameters are not included in the XML output. Specify 
1 to view parameters in the XML output. 


Filters - Several parameters allow you to set filters to restrict the scan list output. When
no filters are specified, the service returns all scans launched by all users within the past
30 days.


Parameter 


Description 


scan_ref={value} 


(Optional) Show only a scan with a certain scan reference code.
When unspecified, the scan list is not restricted to a certain scan. 
For a vulnerability scan, the format is: 

scan/987659876.19876 

For a compliance scan the format is: 
compliance/98765456.12345 

For a SCAP scan the format is: 

qscap/987659999.22222 


scan_id={value} 


(Optional) Show only a scan with a certain compliance scan ID. 


state={value} 


(Optional) Show only one or more scan states. By default, the
scan list is not restricted to certain states. A valid value is: 
Running, Paused, Canceled, Finished, Error, Queued (scan job is 
waiting to be distributed to scanner(s)), or Loading (scanner(s) are 
finished and scan results are being loaded onto the platform). 
Multiple values are comma separated. 


processed={0|1} 


(Optional) Specify 0 to show only scans that are not processed.
Specify 1 to show only scans that have been processed. When not 
specified, the scan list output is not filtered based on the 
processed status. 


type={value} 


(Optional) Show only a certain scan type. By default, the scan list 
is not restricted to a certain scan type. A valid value is: 
On-Demand, Scheduled, or API. 


target={value}


(Optional) Show only one or more target IP addresses. By default, 
the scan list includes all scans on all IP addresses. Multiple IP 
addresses and/or ranges may be entered. Multiple entries are 
comma separated. You may enter an IP address range using the 
hyphen (-) to separate the start and end IP address, as in: 
10.10.10.1-10.10.10.2 


user_login={value} 


(Optional) Show only a certain user login. The user login 
identifies a user who launched scans. By default, the scan list is 
not restricted to scans launched by a particular user. Enter the 
login name for a valid Qualys user account. 




launched_after_datetime={date}


(Optional) Show only scans launched after a certain date and
time (optional). The date/time is specified in
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or
“2007-01-25T23:12:00Z”.


When launched_after_datetime and launched_before_datetime 
are unspecified, the service selects scans launched within the 
past 30 days. 


A date/time in the future returns an empty scans list. 


launched_before_datetime={date}


(Optional) Show only scans launched before a certain date and
time (optional). The date/time is specified in
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or
“2007-01-25T23:12:00Z”.


When launched_after_datetime and launched_before_datetime 
are unspecified, the service selects scans launched within the 
past 30 days. 


A date/time in the future returns a list of all scans (not limited to 
scans launched within the past 30 days). 


scan_type=certview 


(Optional) List CertView in VM scans only. This option will be 
supported when CertView GA is released and enabled for your 
account. 


scan_type=ec2certview 


(Optional) List EC2 CertView VM scans only. 


client_id={value} 


(Optional) Id assigned to the client (Consultant type 
subscriptions). 


client_name={value} 


(Optional) Name of the client (Consultant type subscriptions). 


Note: The client_id and client_name parameters are mutually 
exclusive and cannot be specified together in the same request. 


Show/Hide - These parameters specify whether certain information will be shown in the
XML output.


Parameter 


Description 


show_ags={0|1} 


(Optional) Specify 1 to show asset group information for each
scan in the XML output. By default, asset group information is 
not shown. 


show_op={0|1} 


(Optional) Specify 1 to show option profile information for each
scan in the XML output. By default, option profile information is 
not shown. 


show_status={0|1} 


(Optional) Specify 0 to not show scan status for each scan in the
XML output. By default, scan status is shown. 


show_last={0|1} 


(Optional) Specify 1 to show only the most recent scan (which
meets all other search filters in the request) in the XML output. 
By default, all scans are shown in the XML output. 


pci_only={0|1} (Optional) Specify 1 to show only external PCI scans in the XML
output. External PCI scans are vulnerability scans run with the 
option profile “Payment Card Industry (PCI) Options”. When 
pci_only=1 is specified, the XML output will not include other 
types of scans run with other option profiles. 


ignore_target={0|1} (Optional) Specify 1 to hide target information from the scan list. 
Specify 0 to display the target information. 


Scan Parameters 


Input parameters used to launch a VM or PC scan are below. 


Parameter Description 

action={launch} (Required) Specify “launch” to launch a new scan. 

echo_request={0|1} (Optional) Specify 1 to list the input parameters in the XML 
output. When unspecified, parameters are not listed in the XML 
output. 

scan_title={value} (Optional) The scan title. This can be a maximum of 2000
characters (ascii).


target_from={assets|tags} (Optional) Specify “assets” (the default) when your scan target 
will include IP addresses/ranges and/or asset groups. Specify 
“tags” when your scan target will include asset tags. 


ip={value} (Optional) The IP addresses to be scanned. You may enter 
individual IP addresses and/or ranges. Multiple entries are 
comma separated. One of these parameters is required: ip, 
asset_groups or asset_group_ids. 


ip is valid only when target_from=assets is specified. 


asset_groups={value} (Optional) The titles of asset groups containing the hosts to be 
scanned. Multiple titles are comma separated. One of these 
parameters is required: ip, asset_groups or asset_group_ids. 


asset_groups is valid only when target_from=assets is specified. 


These parameters are mutually exclusive and cannot be 
specified in the same request: asset_groups and asset_group_ids. 


asset_group_ids={value} (Optional) The IDs of asset groups containing the hosts to be 
scanned. Multiple IDs are comma separated. One of these 
parameters is required: ip, asset_groups or asset_group_ids. 


asset_group_ids is valid only when target_from=assets is 
specified. 


These parameters are mutually exclusive and cannot be 
specified in the same request: asset_groups and asset_group_ids. 


exclude_ip_per_scan={value}


(Optional) The IP addresses to be excluded from the scan when 
the scan target is specified as IP addresses (not asset tags). You 
may enter individual IP addresses and/or ranges. Multiple entries 
are comma separated. 


exclude_ip_per_scan is valid only when target_from=assets is 
specified. 


tag_include_selector={all|any}


(Optional) Select “any” (the default) to include hosts that match
at least one of the selected tags. Select “all” to include hosts that 
match all of the selected tags. 


tag_include_selector is valid only when target_from=tags is 
specified. 


tag_exclude_selector={all|any}


(Optional) Select “any” (the default) to exclude hosts that match
at least one of the selected tags. Select “all” to exclude hosts that 
match all of the selected tags. 


tag_exclude_selector is valid only when target_from=tags is 
specified. 


tag_set_by={id|name} 


(Optional) Specify “id” (the default) to select a tag set by
providing tag IDs. Specify “name” to select a tag set by providing 
tag names. 


tag_set_by is valid only when target_from=tags is specified. 


tag_set_include={value} 


(Optional) Specify a tag set to include. Hosts that match these
tags will be included. You identify the tag set by providing tag 
name or IDs. Multiple entries are comma separated. 


tag_set_include is valid only when target_from=tags is specified. 


tag_set_exclude={value} 


(Optional) Specify a tag set to exclude. Hosts that match these
tags will be excluded. You identify the tag set by providing tag 
name or IDs. Multiple entries are comma separated. 


tag_set_exclude is valid only when target_from=tags is specified. 


use_ip_nt_range_tags_include={0|1}


(Optional) Specify “0” (the default) to select from all tags (tags
with any tag rule). Specify “1” to scan all IP addresses defined in 
tag selection. When this is specified, only tags with the dynamic 
IP address rule called “IP address in Network Range(s)” can be 
selected. 


use_ip_nt_range_tags_include is valid only when 
target_from=tags is specified. 


use_ip_nt_range_tags_exclude={0|1}


(Optional) Specify “0” (the default) to select from all tags (tags
with any tag rule). Specify “1” to exclude all IP addresses defined 
in tag selection. When this is specified, only tags with the 
dynamic IP address rule called “IP address in Network Range(s)” 
can be selected. 


use_ip_nt_range_tags_exclude is valid only when 
target_from=tags is specified. 


use_ip_nt_range_tags={0|1} 


(Optional) Specify “0” (the default) to select from all tags (tags 
with any tag rule). Specify “1” to scan all IP addresses defined in 
tags. When this is specified, only tags with the dynamic IP 
address rule called “IP address in Network Range(s)” can be 
selected. 


This parameter has been replaced by the
use_ip_nt_range_tags_include and
use_ip_nt_range_tags_exclude parameters.
The use_ip_nt_range_tags parameter is still supported.


use_ip_nt_range_tags is valid only when target_from=tags is 
specified. 


iscanner_id={value} 


(Optional) The IDs of the scanner appliances to be used. Multiple 
entries are comma separated. For an Express Lite user, Internal 
Scanning must be enabled in the user’s account. 


One of these parameters must be specified in a request: 
iscanner_name, iscanner_id, default_scanner, scanners_in_ag, 
scanners_in_tagset. When none of these are specified, External 
scanners are used. 


These parameters are mutually exclusive and cannot be 
specified in the same request: iscanner_id and iscanner_name. 


iscanner_name={value} 


(Optional) The friendly names of the scanner appliances to be 
used or “External” for external scanners. Multiple entries are 
comma separated. For an Express Lite user, Internal Scanning 
must be enabled in the user’s account. 


One of these parameters must be specified in a request for an 
internal scan: iscanner_name, iscanner_id, default_scanner, 
scanners_in_ag, scanners_in_tagset. When none of these are 
specified, External scanners are used. 


These parameters are mutually exclusive and cannot be 
specified in the same request: iscanner_id and iscanner_name. 


default_scanner={0|1} 


(Optional) Specify 1 to use the default scanner in each target 
asset group. For an Express Lite user, Internal Scanning must be 
enabled in the user's account. 


One of these parameters must be specified in a request for an 
internal scan: iscanner_name, iscanner_id, default_scanner, 
scanners_in_ag, scanners_in_tagset. When none of these are 
specified, External scanners are used. 


default_scanner is valid when the scan target is specified using 
one of these parameters: asset_groups, asset_group_ids. 


scanners_in_ag={0|1}


(Optional) Specify 1 to distribute the scan to the target asset
groups’ scanner appliances. Appliances in each asset group are 
tasked with scanning the IPs in the group. By default up to 5 
appliances per group will be used and this can be configured for 
your account (please contact your Account Manager or Support). 
For an Express Lite user, Internal Scanning must be enabled in 
the user’s account. 


One of these parameters must be specified in a request for an 
internal scan: iscanner_name, iscanner_id, default_scanner, 
scanners_in_ag, scanners_in_tagset. When none of these are 
specified, External scanners are used. 


scanners_in_ag is valid when the scan target is specified using 
one of these parameters: asset_groups, asset_group_ids. 


scanners_in_tagset={0|1} 


(Optional) Specify 1 to distribute the scan to scanner appliances 
that match the asset tags specified for the scan target. 


One of these parameters must be specified in a request for an 
internal scan: iscanner_name, iscanner_id, default_scanner, 
scanners_in_ag, scanners_in_tagset. When none of these are 
specified, External scanners are used. 


scanners_in_tagset is valid when the target_from=tags is 
specified. 


scanners_in_network={value}


(Optional) Specify 1 to distribute the scan to all scanner 
appliances in the network. 


option_title={value} 


(Optional) The title of the option profile to be used. 


One of these parameters must be specified in a request: 
option_title or option_id. These are mutually exclusive and 
cannot be specified in the same request. 


option_id={value} 


(Optional) The ID of the option profile to be used. 


One of these parameters must be specified in a request: 
option_title or option_id. These are mutually exclusive and 
cannot be specified in the same request. 


priority={value} 


(Optional for VM scans only) Specify a value of 0 - 9 to set a 
processing priority level for the scan. When not specified, a value 
of 0 (no priority) is used. Valid values are: 

0 = No Priority (the default) 

1 = Emergency 

2 = Ultimate 

3 = Critical 

4 = Major 

5 = High 

6 = Standard 

7 = Medium 

8 = Minor 

9 = Low 


connector_name={value} (Required for an EC2 scan) (VM scan only) The name of the EC2
connector for the AWS integration you want to run the scan on. 


ec2_endpoint={value} (Required for an EC2 scan) The EC2 region code or the ID of the
Virtual Private Cloud (VPC) zone. Need help finding the region
code? See the following:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones


ec2_instance_ids={value} (Optional) (VM scan only) The ID of the EC2 instance on which
you want to launch the VM or compliance scan. Multiple EC2
instance IDs are comma separated. You can add up to a maximum of
10 instance IDs. When you launch an EC2 scan and specify EC2
instance IDs as part of the scan target, we can identify and skip
any invalid instances and continue the scan on the valid
instances.


ip_network_id={value} (Optional, and valid only when the Network Support feature is
enabled for the user’s account) The ID of a network used to filter
the IPs/ranges specified in the “ip” parameter. Set to a custom
network ID (note this does not filter IPs/ranges specified in
“asset_groups” or “asset_group_ids”). Or set to “0” (the default)
for the Global Default Network - this is used to scan hosts outside
of your custom networks.


runtime_http_header={value} (Optional) Set a custom value in order to drop defenses (such as
logging, IPs, etc) when an authorized scan is being run. The value
you enter will be used in the “Qualys-Scan:” header that will be
set for many CGI and web application fingerprinting checks.
Some discovery and web server fingerprinting checks will not use
this header.


scan_type=certview (Optional) (VM scan only) Launch a CertView type scan. This
option will be supported when CertView GA is released and
enabled for your account.


fqdn={value} (Optional) The target FQDN for a vulnerability scan. You must 
specify at least one target i.e. IPs, asset groups or FQDNs. 
Multiple values are comma separated. 


DNS Tracking must be enabled for the subscription. A Manager 
user can enable this feature in the Qualys UI by going to Scans > 
Setup > DNS Tracking and checking the “Enable DNS Tracking for 
hosts” option. 

- You can specify FQDNs in combination with IPs and asset 
groups but not with asset tags. 


client_id={value} (Optional) Id assigned to the client (Consultant type
subscriptions). 


client_name={value} 


(Optional) Name of the client (Consultant type subscriptions). 


Note: The client_id and client_name parameters are mutually 
exclusive and cannot be specified together in the same request. 


include_agent_targets={0|1}


(Optional) Specify 1 when your scan target includes agent hosts. 
This lets you scan private IPs where agents are installed when 
these IPs are not in your VM/PC license. 


Supported capabilities
- This parameter is supported for internal scans using scanner
appliance(s). This option is not supported for scans using
External scanners.
- This parameter is supported when launching on demand scans
only. It is not supported for scheduled scans.


Parameter iscanner_id or iscanner_name must be specified in 
the same request. 
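
The cross-parameter rules in the Scan Parameters table (which parameters exclude each other, which are valid only for one target_from value, which flags need a particular target) are easy to violate when requests are built programmatically. A pre-flight check of those rules, as an added example that is not part of the Qualys guide: validate_launch_params and the sample requests are assumptions of this example, and every value in the samples is a constructed placeholder.

```python
# Rule tables transcribed from the Scan Parameters descriptions.
ASSETS_ONLY = {"ip", "asset_groups", "asset_group_ids", "exclude_ip_per_scan"}
TAGS_ONLY = {
    "tag_include_selector", "tag_exclude_selector", "tag_set_by",
    "tag_set_include", "tag_set_exclude", "use_ip_nt_range_tags",
    "use_ip_nt_range_tags_include", "use_ip_nt_range_tags_exclude",
    "scanners_in_tagset",
}
MUTUALLY_EXCLUSIVE = [
    ("asset_groups", "asset_group_ids"),
    ("iscanner_id", "iscanner_name"),
    ("option_title", "option_id"),
    ("client_id", "client_name"),
]
NEEDS_ASSET_GROUP_TARGET = ("default_scanner", "scanners_in_ag")


def _is_on(params, name):
    """True when a {0|1} flag is set to 1 (given as int or str)."""
    return str(params.get(name, "0")) == "1"


def validate_launch_params(params):
    """Check a launch request against the documented cross-parameter rules.

    Returns a list of violations; an empty list means none were found.
    """
    errors = []
    present = {k for k, v in params.items() if v not in (None, "")}
    target_from = params.get("target_from", "assets")  # documented default

    if params.get("action") != "launch":
        errors.append("action must be 'launch'")

    for first, second in MUTUALLY_EXCLUSIVE:
        if first in present and second in present:
            errors.append(f"{first} and {second} are mutually exclusive")
    if not present & {"option_title", "option_id"}:
        errors.append("one of option_title or option_id is required")

    if target_from == "assets":
        for name in sorted(present & TAGS_ONLY):
            errors.append(f"{name} is valid only when target_from=tags")
        if not present & {"ip", "asset_groups", "asset_group_ids", "fqdn"}:
            errors.append("no target: give ip, asset_groups, asset_group_ids or fqdn")
    elif target_from == "tags":
        for name in sorted(present & ASSETS_ONLY):
            errors.append(f"{name} is valid only when target_from=assets")
        if "fqdn" in present:
            errors.append("fqdn cannot be combined with asset tags")
    else:
        errors.append("target_from must be 'assets' or 'tags'")

    for name in NEEDS_ASSET_GROUP_TARGET:
        if _is_on(params, name) and not present & {"asset_groups", "asset_group_ids"}:
            errors.append(f"{name} requires asset_groups or asset_group_ids")
    if _is_on(params, "include_agent_targets") and not present & {"iscanner_id", "iscanner_name"}:
        errors.append("include_agent_targets requires iscanner_id or iscanner_name")

    if "priority" in present and str(params["priority"]) not in set("0123456789"):
        errors.append("priority must be a value from 0 to 9")
    if len(str(params.get("scan_title", ""))) > 2000:
        errors.append("scan_title is limited to 2000 characters")
    instance_ids = [i for i in str(params.get("ec2_instance_ids", "")).split(",") if i.strip()]
    if len(instance_ids) > 10:
        errors.append("ec2_instance_ids accepts at most 10 instance IDs")
    return errors


# Constructed requests; all values are placeholders.
GOOD_REQUEST = {
    "action": "launch",
    "ip": "10.10.10.1-10.10.10.2",
    "option_title": "EXAMPLE-PROFILE",
    "iscanner_name": "External",
}
BAD_REQUEST = {
    "action": "launch",
    "target_from": "tags",
    "tag_set_by": "name",
    "tag_set_include": "EXAMPLE-TAG",
    "ip": "10.10.10.1",            # assets-only parameter with target_from=tags
    "option_title": "EXAMPLE-PROFILE",
    "option_id": "1",              # conflicts with option_title
    "default_scanner": 1,          # needs an asset-group target
    "priority": 12,                # outside 0-9
}

if __name__ == "__main__":
    for problem in validate_launch_params(BAD_REQUEST):
        print("rejected:", problem)
```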


Cloud Perimeter Scan Parameters 


The input parameters for creating or updating a Cloud Perimeter scan are below. 


Parameter 


Description 


action={create|update} 


(Required) Specify "create" to configure a new cloud 
perimeter scan job. Specify "update" to make changes to an 
existing scan job. 


id={value} 


(Required and only applicable for Update request) The ID of 
the scan schedule you want to update. 


module={vm|pc} 


(Required for Create request) Specify "vm" for a 
vulnerability scan and "pc" for a compliance scan. 


cloud_provider={value} 


(Optional) Specify "azure" for an Azure scan. Specify "aws" 
for an AWS EC2 scan. The cloud_provider value cannot be 
changed during an update request. 


When cloud_provider=azure, the following parameters
cannot be specified in the same request: platform_type,
region_code, vpc_id, include_micro_nano_instances,
include_lb_from_connector. These parameters only apply
when cloud_provider=aws is specified.


cloud_service={value} 


(Optional) Specify "vm" (Azure virtual machine) for an 
Azure scan. Specify "ec2" for an AWS EC2 scan. The 
cloud_service value cannot be changed during an update 
request. 


connector_name={value} 


(Optional) The name of the connector to be used. We will 
check if the specified connector_name exists for your 
Qualys subscription. If not, then API request returns an 
error message “Invalid connector_name provided”. 


One of these parameters must be specified in the request:
connector_name or connector_uuid. These are mutually
exclusive and cannot be specified in the same request.


connector_uuid={value} 


(Optional) The ID of the connector to be used. We will
check if the specified connector_uuid exists for your
Qualys subscription. If not, then API request returns an
error message “Invalid connector_uuid provided”.


One of these parameters must be specified in the request:
connector_name or connector_uuid. These are mutually
exclusive and cannot be specified in the same request.


scan_title={value} 


(Optional) The scan title. When not specified the default 
scan title is "AWS EC2 Perimeter Scan <date>" 


active={0|1} 


(Required for Create request) Specify "1" to create an active 
schedule. Specify "0" to create an inactive schedule. 


option_title={value} 


(Optional) The title of the option profile to be used. 


One of these parameters must be specified in the request: 
option_title or option_id. These are mutually exclusive and 
cannot be specified in the same request. 


option_id={value} 


(Optional) The ID of the option profile to be used. 


One of these parameters must be specified in a request: 
option_title or option_id. These are mutually exclusive and 
cannot be specified in the same request. 


priority={value} 


(Optional) Specify a value of 0 - 9 to set a processing 
priority level for the scan. When not specified, a value of 0 
(no priority) is used. Valid values are: 

0 = No Priority (the default) 

1 = Emergency 

2 = Ultimate 

3 = Critical 

4 = Major 

5 = High 

6 = Standard 

7 = Medium 

8 = Minor 

9 = Low 


iscanner_id={value} 


(Optional, only valid when your account is configured to 
allow internal scanners) The IDs of the scanner appliances 
to be used. Specify "0" for external scanners. Multiple 
entries are comma separated. 


These parameters cannot be specified in the same request: 
iscanner_id and iscanner_name. 


iscanner_name={value}


(Optional, only valid when your account is configured to 
allow internal scanners) The friendly names of the scanner 
appliances to be used or "External" for external scanners. 
Multiple entries are comma separated. 


These parameters cannot be specified in the same request: 
iscanner_id and iscanner_name. 


platform_type={value} 


(Optional) The platform type. Valid values are: classic, 
vpc_peered or selected_vpc. 


region_code={value} 


(Optional) The EC2 region code. Valid values are:
ap-northeast-1, ap-southeast-1, ap-southeast-2, ap-east-1,
eu-west-1, eu-north-1, sa-east-1, us-east-1, us-west-1,
us-west-2, me-south-1, eu-south-1, and af-south-1


One of these parameters must be specified in the request: 
region_code or vpc_id. These are mutually exclusive and 
cannot be specified in the same request. 


vpc_id={value} 


(Optional) The ID of the Virtual Private Cloud (VPC) zone.
The ID value must start with vpc-*. We will check if the
specified vpc_id exists for the selected connector.


One of these parameters must be specified in the request: 
region_code or vpc_id. These are mutually exclusive and 
cannot be specified in the same request. 


include_micro_nano_instances={0|1}


(Optional) Specify 1 to include EC2 assets with instance
types t2.nano, t3.nano, t1.micro and m1.small in the scan
job. By default, this parameter value is set to 0.


Note that these instance types must be activated for your 
account. 


Warning 

AWS EC2 assets with instance types t2.nano, t3.nano,
t1.micro and m1.small have very limited CPU. When
scanning these instance types we recommend you choose
an option profile with Light port scanning and no
authentication. Alternatively, use Qualys Cloud Agent to
perform the equivalent of authenticated scanning for the
least performance impact for these instance types.


tag_include_selector={all|any}


(Optional) Select “any” (the default) to include hosts that
match at least one of the selected tags. Select “all” to 
include hosts that match all of the selected tags. 


tag_exclude_selector={all|any}


(Optional) Select “any” (the default) to exclude hosts that
match at least one of the selected tags. Select “all” to 
exclude hosts that match all of the selected tags. 


tag_set_by={id|name}


(Optional) Specify “id” (the default) to select a tag set by
providing tag IDs. Specify “name” to select a tag set by 
providing tag names. We will check if the tag ids or tag 
names are valid. 


tag_set_include={value} 


(Optional) Specify a tag set to include. Hosts that match
these tags will be included. You identify the tag set by 
providing tag name or IDs. Multiple entries are comma 
separated. 


tag_set_exclude={value} 


(Optional) Specify a tag set to exclude. Hosts that match
these tags will be excluded. You identify the tag set by 
providing tag name or IDs. Multiple entries are comma 
separated. 


include_lb_from_connector={0|1}


(Optional) Specify 1 to include public load balancers from
the selected connector in the scan job. By default, this 
parameter value is set to 0. 


When you set this parameter to 1, we fetch public load 
balancers from the AWS connector in CloudView that has 
the same configuration as that of the selected connector. If 
you select this option, ensure that you have the connector 
created in your CloudView account with a configuration 
similar to that of the selected connector. If the connector in 
CloudView is not found, then we can't fetch the public load 
balancers from the connector. 


Note 

To create the connector, your account must have a
CloudView subscription and your platform must have access to
the CloudView base URL “qweb_cloud_view_base_url”.


elb_dns={value} 


(Optional) One or more load balancer DNS names to 
include in the scan job. Multiple values are comma- 
separated. 


schedule={value} 


(Required for Create request) Specify "now" to schedule the 
scan job for now. Specify "recurring" to schedule the scan 
job to start at a later time or on a recurring basis. See 
Scheduling Parameters in the next section. 


Scan Schedule Parameters 


Scan Schedule - Occurrence 


Parameter 


Description 


occurrence=daily 


Required for a daily scan. 


frequency_days={value} 


Required for a daily scan. The scan will run every N number of 
days. Value is an integer from 1 to 365. 


occurrence=weekly 


Required for a weekly scan. 


frequency_weeks={value} 


Required for a weekly scan. The scan will run every N number of 
weeks. Value is an integer from 1 to 52. 


weekdays={value} 


Required for a weekly scan. The scan will run on one or more
weekdays. Value is one or more days: sunday, monday, tuesday, 
wednesday, thursday, friday, saturday. Multiple days are comma 
separated. 


occurrence=monthly 


Required for a monthly scan. 


frequency_months={value} 


Required for a monthly scan. The scan will run every N number 
of months. Value is an integer from 1 to 12. 


day_of_month={value} 


Required for monthly scan - Nth day of the month. The scan will 
run on the Nth day of the month. Value is an integer from 1 to 31. 


day_of_week={value} 


Required for monthly scan - day in Nth week. The scan will run 
on this day of the week. Value is an integer from 0 to 6, where 0
is Sunday and 2 is Tuesday. 


week_of_month={value} 


Required for monthly scan - day in Nth week. The scan will run 
on this week of the month. Value is one of: first, second, third, 
fourth, last. 


Scan Schedule - Start Time 


Parameter 


Description 


start_date={mm/dd/yyyy} 


(Optional) By default the start date is the date when the schedule
is created. You can define another start date in mm/dd/yyyy 
format. 


start_hour={hour} 


(Required) The hour when a scan will start. The hour is an
integer from 0 to 23, where 0 represents 12 AM, 7 represents 7 
AM, and 22 represents 10 PM. 


start_minute={minute} 


(Required) The minute when a scan will start. A valid value is an
integer from 0 to 59. 


time_zone_code={value} 


(Required) The time zone code for starting a scan, in upper case.
For example, the time zone code for US California is US-CA. Valid 
codes are returned by the Time Zone Code API 
(/msp/time_zone_code_list.php). 


observe_dst={yes|no} 


(Optional) Specify yes to observe Daylight Saving Time (DST).
This parameter is valid when the time zone code specified in 
time_zone_code supports DST. 


recurrence={value} 


(Optional) The number of times the scan will be run before it is 
deactivated. For example, if you set recurrence=2, the scan 
schedule will be deactivated after it runs 2 times. By default no 
value is set. A valid value is an integer from 1 to 99. 


end_after={value} 


(Optional) End a scan after some number of hours. A valid value 
is from 0 to 119. 
end_after_mins={value}


(Optional) End a scan after some number of minutes. A valid 
value is an integer from 0 to 59. 


Must be specified with end_after. For example, to end the scan 
after 2 hours and 30 minutes, you would specify end_after=2 and 
end_after_mins=30. 


When end_after is set to 0, the minimum value for 
end_after_mins is 15. 


pause_after_hours={value} 


(Optional) Pause a scan after some number of hours if the scan 
has not finished by then. A valid value is an integer from 0 to 119. 


pause_after_mins={value} 


(Optional) Pause a scan after some number of minutes if the scan 
has not finished by then. A valid value is an integer from 0-59. 


Must be specified with pause_after_hours. For example, to pause
the scan after 2 hours and 30 minutes, you would specify
pause_after_hours=2 and pause_after_mins=30.


When pause_after_hours is set to 0, the minimum value for
pause_after_mins is 15.


resume_in_days={value} 


(Optional) Resume a paused scan in some number of days. A
valid value is an integer from 0 to 9 or Manually.


resume_in_hours={value} 


(Optional) Resume a paused scan in some number of hours. A
valid value is an integer from 0-23.


Must be specified with pause_after_hours and resume_in_days.
For example, to resume your scan in 5 hours, specify
resume_in_days=0 and resume_in_hours=5. To resume your scan
in 1 day and 12 hours, specify resume_in_days=1 and
resume_in_hours=12.


Note - The value you set for pause will determine the minimum
value for resume. For example, if you set the scan to pause after
1 hour then you can set it to resume in 2 or more hours. If you set
the scan to pause between 1-2 hours (from 1hr, 1min to 1 hr,
59min) then you can set it to resume in 3 hours or more.


set_start_time={0|1}


(Optional for Update only) Specify set_start_time=1 to update
any of the start time parameters.


Must be specified with all start time parameters together:
start_date, start_hour, start_minute, time_zone_code,
observe_dst
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Scan Schedule - Notifications 


Parameter 


Description 


before_notify={0|1} 


(Optional) Specify before_notify=1 to send a notification before 
the scan starts. When not specified during a create request no 
notification is sent. When not specified during an update request 
we keep the previous setting. 


before_notify_unit={value} 


(Optional) Specify the time unit for when to send the before scan 
notification. Possible values are: days, hours, minutes. 


This parameter is required when before_notify=1. Not valid when 
before_notify=0. 


before_notify_time={value} 


(Optional) Indicates the number of days, hours or minutes before 
the scan starts the notification will be sent. For days, enter a 
value of 1-31. For hours, enter a value of 1-24. For minutes, enter 
a value of 5-120. 


This parameter is required when before_notify=1. Not valid when 
before_notify=0. 


before_notify_message={value} 


(Optional) Specify a custom message to add to the before scan 
notification. The notification will always include certain details 
like the scan title, owner, option profile and start time. Include up 
to 4000 characters, no HTML tags. 


For update requests: 
- When not specified we keep the previous setting. 
- Specify an empty string to delete the last saved message. 


This parameter is only valid when before_notify=1. 


after_notify={0|1} 


(Optional) Specify after_notify=1 to send a notification after the 
scan is finished. When not specified during a create request no 
notification is sent. When not specified during an update request 
we keep the previous setting. 


after_notify_message={value} 


(Optional) Specify a custom message to add to the after scan 
notification. When not specified during a create request, no 
notification message is saved. Include up to 4000 characters, no 
HTML tags. 


For update requests: 


- When not specified we keep the previous setting. 
- Specify an empty string to delete the last saved message. 


- If both notifications are disabled (before_notify=0 and 
after_notify=0) we will delete the after notify message. 


This parameter is only valid when after_notify=1. 
Description 


recipient_group_ids={value} 


(Optional) The notification recipients in the form of one or more 
valid distribution group IDs. When not specified during a create 
request, only the task owner will be notified. 


For update requests: 
- When not specified we keep the previous setting. 
- Specify an empty string to delete the list of IDs. 


- If both notifications are disabled (before_notify=0 and 
after_notify=0) we will delete the list of IDs. 


This parameter is only valid when before_notify=1 or 
after_notify=1 is specified in the same request. 


delay_notify={0|1} 


(Optional) Specify to send a notification if a scheduled scan is 
delayed. 


delay_notify_message={value} 


(Optional) Specify a message to send notification for a delayed 
scheduled scan. If a message is not specified or if the 
delay_notify=1, the following default message is shown: 

“The Qualys scan launch has been delayed and will be tried 
again.” 


This parameter is only valid when delay_notify=1. 


skipped_notify={0|1} 


(Optional) Specify to send a notification if a scheduled scan is 
skipped. 


skipped_notify_message={value} 


(Optional) Specify a message to send notification for a skipped 
scheduled scan. If a message is not specified or if the 
skipped_notify=1, the following default message is shown: 
“The Qualys scan launch has been skipped.” 


This parameter is only valid when skipped_notify=1. 


deactivate_notify={0|1} 


(Optional) Specify to send a notification if a scheduled scan is 
deactivated. 


deactivate_notify_message={value} 


(Optional) Specify a message to send notification for a 
deactivated scheduled scan. If a message is not specified or if the 
deactivate_notify=1, the following default message is shown: 
“The Qualys scan has been deactivated by the service.” 


This parameter is only valid when deactivate_notify=1. 


Scan Schedule - Consultant type subscriptions 


Parameter 


Description 


client_id={value} 


(Optional) Id assigned to the client (Consultant type 
subscriptions). 


client_name={value} 


(Optional) Name of the client (Consultant type subscriptions). 


Note: The client_id and client_name parameters are mutually 
exclusive and cannot be specified together in the same request. 
VM Scan Statistics 
/api/2.0/fo/scan/stats/?action=list 
[GET] [POST] 


List details about vulnerability scans and assets that are waiting to be processed. 
Permissions - Manager role is required. 
You'll see these sections in the XML output: 


UNPROCESSED SCANS - The total number of scans that are not processed, including scans 
that are queued, running, loading, finished, etc. 


VM RECRYPT BACKLOG - The total number of assets across your finished scans that are 
waiting to be processed. 


VM RECRYPT BACKLOG BY SCAN - Scan details for vulnerability scans that are waiting to 
be processed. For each scan, you'll see the scan ID, scan title, scan status, processing 
priority and number of hosts that the scan finished but not processed. 


VM RECRYPT BACKLOG BY TASK - Processing task details for vulnerability scans that are 
waiting to be processed. For each task, you'll see the same scan details as VM RECRYPT 
BACKLOG BY SCAN plus additional information like the total hosts alive for the scan, the 
number of hosts from the scan that have been processed, the number of hosts waiting to 
be processed, the scan start date, the task type and task status. 


Sample - List VM statistics 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" 
"https://qualysapi.qualys.com/api/2.0/fo/scan/stats/?action=list" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE TASK_PROCESSING SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/scan/stats/vm_recrypt_results.dtd"> 
<TASK_PROCESSING> 
  <UNPROCESSED_SCANS><![CDATA[366]]></UNPROCESSED_SCANS> 
  <VM_RECRYPT_BACKLOG><![CDATA[116]]></VM_RECRYPT_BACKLOG> 
  <VM_RECRYPT_BACKLOG_BY_SCAN> 
    <SCAN> 
      <ID><![CDATA[189275]]></ID> 
      <TITLE><![CDATA[API_V2_IP_Scan_1511513769]]></TITLE> 
      <STATUS><![CDATA[Loading]]></STATUS> 
      <PROCESSING_PRIORITY><![CDATA[None]]></PROCESSING_PRIORITY> 
      <COUNT><![CDATA[2]]></COUNT> 
    </SCAN> 
    <SCAN> 
      <ID><![CDATA[189281]]></ID> 
      <TITLE><![CDATA[API_V2_AG_Scan_1511513846]]></TITLE> 
      <STATUS><![CDATA[Loading]]></STATUS> 
      <PROCESSING_PRIORITY><![CDATA[None]]></PROCESSING_PRIORITY> 
      <COUNT><![CDATA[2]]></COUNT> 
    </SCAN> 
    <SCAN> 
      <ID><![CDATA[190773]]></ID> 
      <TITLE><![CDATA[API_V2_IP_Scan_]]></TITLE> 
      <STATUS><![CDATA[Finished]]></STATUS> 
      <PROCESSING_PRIORITY><![CDATA[None]]></PROCESSING_PRIORITY> 
      <COUNT><![CDATA[2]]></COUNT> 
    </SCAN> 
    <SCAN> 
      <ID><![CDATA[190775]]></ID> 
      <TITLE><![CDATA[API_V2_IP_Scan_]]></TITLE> 
      <STATUS><![CDATA[Finished]]></STATUS> 
      <PROCESSING_PRIORITY><![CDATA[None]]></PROCESSING_PRIORITY> 
      <COUNT><![CDATA[2]]></COUNT> 
    </SCAN> 
  </VM_RECRYPT_BACKLOG_BY_SCAN> 
  <VM_RECRYPT_BACKLOG_BY_TASK> 
    <SCAN> 
      <ID><![CDATA[210337]]></ID> 
      <TITLE><![CDATA[API_V2_AG_Scan_1515055579]]></TITLE> 
      <STATUS><![CDATA[Loading]]></STATUS> 
      <PROCESSING_PRIORITY><![CDATA[None]]></PROCESSING_PRIORITY> 
      <NBHOST><![CDATA[]]></NBHOST> 
      <TO_PROCESS><![CDATA[3]]></TO_PROCESS> 
      <PROCESSED><![CDATA[0]]></PROCESSED> 
      <SCAN_DATE><![CDATA[2018-01-04T08:46:13Z]]></SCAN_DATE> 
      <SCAN_UPDATED_DATE><![CDATA[2018-01-04T08:58:05Z]]></SCAN_UPDATED_DATE> 
      <TASK_TYPE><![CDATA[VM Scan Processing]]></TASK_TYPE> 
      <TASK_STATUS><![CDATA[Queued]]></TASK_STATUS> 
      <TASK_UPDATED_DATE><![CDATA[2018-01-12T08:17:09Z]]></TASK_UPDATED_DATE> 
    </SCAN> 
    <SCAN> 
      <ID><![CDATA[215356]]></ID> 
      <TITLE><![CDATA[API_V2_AG_Scan_1515742250]]></TITLE> 
      <STATUS><![CDATA[Running]]></STATUS> 
      <PROCESSING_PRIORITY><![CDATA[None]]></PROCESSING_PRIORITY> 
      <NBHOST><![CDATA[]]></NBHOST> 
      <TO_PROCESS><![CDATA[0]]></TO_PROCESS> 
      <PROCESSED><![CDATA[0]]></PROCESSED> 
      <SCAN_DATE><![CDATA[2018-01-12T07:30:42Z]]></SCAN_DATE> 
      <SCAN_UPDATED_DATE><![CDATA[2018-01-12T08:01:10Z]]></SCAN_UPDATED_DATE> 
      <TASK_TYPE><![CDATA[VM Scan Processing]]></TASK_TYPE> 
      <TASK_STATUS><![CDATA[Queued]]></TASK_STATUS> 
      <TASK_UPDATED_DATE><![CDATA[2018-01-12T08:17:11Z]]></TASK_UPDATED_DATE> 
    </SCAN> 
    <SCAN> 
      <ID><![CDATA[215357]]></ID> 
      <TITLE><![CDATA[API_V2_AG_Scan_1515742265]]></TITLE> 
      <STATUS><![CDATA[Loading]]></STATUS> 
      <PROCESSING_PRIORITY><![CDATA[None]]></PROCESSING_PRIORITY> 
      <NBHOST><![CDATA[]]></NBHOST> 
      <TO_PROCESS><![CDATA[0]]></TO_PROCESS> 
      <PROCESSED><![CDATA[0]]></PROCESSED> 
      <SCAN_DATE><![CDATA[2018-01-12T07:30:58Z]]></SCAN_DATE> 
      <SCAN_UPDATED_DATE><![CDATA[2018-01-12T08:14:45Z]]></SCAN_UPDATED_DATE> 
      <TASK_TYPE><![CDATA[VM Scan Processing]]></TASK_TYPE> 
      <TASK_STATUS><![CDATA[Queued]]></TASK_STATUS> 
      <TASK_UPDATED_DATE><![CDATA[2018-01-12T08:17:11Z]]></TASK_UPDATED_DATE> 
    </SCAN> 
  </VM_RECRYPT_BACKLOG_BY_TASK> 
</TASK_PROCESSING> 


DTD 
<platform API server>/api/2.0/fo/scan/stats/vm_recrypt_results.dtd 
VM Scan Summary 


/api/2.0/fo/scan/summary/ 
[GET] [POST] 


Identify hosts that were not scanned and why. 
Permissions - Manager role is required. 


How it works - First we’ll find all the scans launched since the date (or within the date 
range) that you specify. Then we'll identify hosts that were included in the scan target but 
not scanned for some reason. For each host you'll see the category/reason it was not 
scanned and the host’s tracking method. 


Categories for hosts not scanned: 


Excluded - The hosts were excluded. Hosts may be excluded on a per scan basis (by the 
user launching or scheduling the scan) or globally for all scans. Managers and Unit 
Managers have privileges to edit the global excluded hosts list for the subscription. 


Cancelled - Hosts were not scanned because the scan was cancelled. Scans may be 
cancelled by a user, by an administrator or automatically by the service as specified in 
scheduled scan settings. 


Dead - The hosts were not “alive” at the time of the scan, meaning that they did not 
respond to probes sent by the scanning engine, and the option to Scan Dead Hosts was not 
enabled. 


Unresolved - Hosts were scanned but they could not be reported because the NetBIOS or 
DNS hostname, whichever tracking method is specified for each host, could not be 
resolved. 


Duplicate - The hosts were duplicated within a single segment/slice of the scan job. For 
example, two different hostnames resolving to the same IP with tracking by IP. 


Not Vulnerable - Hosts were found to be not vulnerable during host discovery without 
having to run a full scan. This could happen for example if the list of QIDs to be scanned 
are limited to certain ports and those ports are found to be closed. 


Aborted - The scan was abruptly discontinued. This is a rare occurrence that may be 
caused for different reasons. For example, it's possible that a connection timed out or 
there were connection errors on a particular port or the scan time elapsed. 


Blocked - Hosts were blocked from scanning for some reason. For example, user provided 
blacklisted IPs to scan and after the scan was launched it was blocked due to improper 
configuration. 
Input Parameters 


Parameter Description 

action=list (Required) 

scan_date_since={value} (Required) Include scans started since a certain date. Specify the 
date in YYYY-MM-DD format. The date must be less than or 
equal to today’s date. 

scan_date_to={value} (Optional) Include scans started up to a certain date. Specify the 
date in YYYY-MM-DD format. The date must be more than or 
equal to scan_date_since, and less than or equal to today’s date. 

output_format={value} (Optional) The output format: XML (the default), CSV or JSON. 

tracking_method={value} (Optional) By default hosts with any tracking method will be 
returned in the output. Use this option to only include hosts with 
a certain tracking method. Valid values are: IP, DNS, NETBIOS. 

include_dead={0|1} (Optional) Set to 0 if you do not want to include dead hosts in the 
output. Dead hosts are included by default. 

include_excluded={0|1} (Optional) Set to 1 to include hosts that were excluded from a 
scan in the output. Excluded hosts are not included by default. 

include_unresolved={0|1} (Optional) Set to 1 to include unresolved hosts in the output. 
Unresolved hosts are not included by default. 

include_cancelled={0|1} (Optional) Set to 1 to include cancelled hosts in the output. 
Cancelled hosts are not included by default. 

include_notvuln={0|1} (Optional) Set to 1 to include hosts that are not vulnerable in the 
output. Not vulnerable hosts are not included by default. 

include_blocked={0|1} (Optional) Set to 1 to include blocked hosts in the output. Blocked 
hosts are not included by default. 

include_duplicate={0|1} (Optional) Set to 1 to include duplicate hosts in the output. 
Duplicate hosts are not included by default. 

include_aborted={0|1} (Optional) Set to 1 to include aborted hosts in the output. Aborted 
hosts are not included by default. 


Sample - VM scan summary 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" 
"https://qualysapi.qualys.com/api/2.0/fo/scan/summary/?action=list&scan_date_since=2018-04-27&include_excluded=1&include_unresolved=1&include_cancelled=1&include_notvuln=1&include_duplicate=1" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SCAN_SUMMARY_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/scan/summary/scan_summary_output.dtd"> 
<SCAN_SUMMARY_OUTPUT> 
  <RESPONSE> 
    <DATETIME>2018-05-02T10:45:40Z</DATETIME> 
    <SCAN_SUMMARY_LIST> 
      <SCAN_SUMMARY> 
        <SCAN_REF>scan/1525251885.92469</SCAN_REF> 
        <SCAN_DATE>2018-05-02T09:04:34Z</SCAN_DATE> 
        <HOST_SUMMARY category="notvuln" tracking="IP">10.10.10.10-10.10.10.15,10.10.10.17</HOST_SUMMARY> 
        <HOST_SUMMARY category="notvuln" tracking="DNS">gfi-31-1.caacl25.qualys.com,gfi-31-2.caacl25.qualys.com</HOST_SUMMARY> 
        <HOST_SUMMARY category="notvuln" tracking="NETBIOS">gfi-31-3,gfi-31-4</HOST_SUMMARY> 
        <HOST_SUMMARY category="cancelled" tracking="IP">10.10.10.20,10.10.10.22</HOST_SUMMARY> 
        <HOST_SUMMARY category="cancelled" tracking="DNS">gfi-31-5.caacl125.qualys.com,gfi-31-6.caacl25.qualys.com</HOST_SUMMARY> 
        <HOST_SUMMARY category="dead" tracking="IP">10.10.10.25</HOST_SUMMARY> 
        <HOST_SUMMARY category="dead" tracking="NETBIOS">gfi-31-10,gfi-31-11</HOST_SUMMARY> 
        <HOST_SUMMARY category="excluded" tracking="IP">10.10.10.26</HOST_SUMMARY> 
        <HOST_SUMMARY category="unresolved" tracking="NETBIOS">gfi-31-13</HOST_SUMMARY> 
        <HOST_SUMMARY category="duplicate" tracking="IP">10.10.10.27</HOST_SUMMARY> 
        <HOST_SUMMARY category="duplicate" tracking="DNS">gfi-31-14.caacl125.qualys.com</HOST_SUMMARY> 
      </SCAN_SUMMARY> 
    </SCAN_SUMMARY_LIST> 
  </RESPONSE> 
</SCAN_SUMMARY_OUTPUT> 


DTD 
<platform API server>/api/2.0/fo/scan/summary/scan_summary_output.dtd 
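

The following is an added example, not part of the Qualys guide: one way to turn a SCAN_SUMMARY_OUTPUT response into a per-category list of hosts that still need a scan. The XML is a constructed sample modelled on the response above; the follow-up policy, the MAX_RANGE cap and the "aborted"/"blocked" category strings are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed response, modelled on the SCAN_SUMMARY_OUTPUT sample above.
SAMPLE_XML = """<SCAN_SUMMARY_OUTPUT>
 <RESPONSE>
  <DATETIME>2018-05-02T10:45:40Z</DATETIME>
  <SCAN_SUMMARY_LIST>
   <SCAN_SUMMARY>
    <SCAN_REF>scan/1525251885.92469</SCAN_REF>
    <SCAN_DATE>2018-05-02T09:04:34Z</SCAN_DATE>
    <HOST_SUMMARY category="notvuln" tracking="IP">10.10.10.10-10.10.10.15,10.10.10.17</HOST_SUMMARY>
    <HOST_SUMMARY category="cancelled" tracking="IP">10.10.10.20,10.10.10.22</HOST_SUMMARY>
    <HOST_SUMMARY category="dead" tracking="IP">10.10.10.25</HOST_SUMMARY>
    <HOST_SUMMARY category="dead" tracking="NETBIOS">gfi-31-10,gfi-31-11</HOST_SUMMARY>
    <HOST_SUMMARY category="excluded" tracking="IP">10.10.10.26</HOST_SUMMARY>
    <HOST_SUMMARY category="unresolved" tracking="NETBIOS">gfi-31-13</HOST_SUMMARY>
   </SCAN_SUMMARY>
  </SCAN_SUMMARY_LIST>
 </RESPONSE>
</SCAN_SUMMARY_OUTPUT>"""

# Assumption of this example (a triage policy, not something the API defines):
# hosts in these categories produced no usable results and need follow-up.
# "aborted" and "blocked" are assumed attribute values; the sample response
# only shows notvuln, cancelled, dead, excluded, unresolved and duplicate.
FOLLOW_UP = {"cancelled", "dead", "unresolved", "aborted", "blocked"}

MAX_RANGE = 65536  # assumed cap: refuse to expand very large ranges into memory


def expand_targets(text, tracking):
    """Expand one HOST_SUMMARY value (comma list, IP ranges) into single hosts."""
    hosts = []
    for item in (part.strip() for part in (text or "").split(",")):
        if not item:
            continue
        if tracking == "IP" and "-" in item:
            first, last = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
            size = int(last) - int(first) + 1
            if first.version != last.version or not 0 < size <= MAX_RANGE:
                raise ValueError(f"bad IP range: {item!r}")
            hosts.extend(str(type(first)(n)) for n in range(int(first), int(last) + 1))
        elif tracking == "IP":
            hosts.append(str(ipaddress.ip_address(item)))  # validates the address
        else:
            hosts.append(item.lower())  # DNS / NetBIOS names: compare case-insensitively
    return hosts


def hosts_not_scanned(xml_text):
    """Return {category: {host: [scan_ref, ...]}} for every HOST_SUMMARY element."""
    result = defaultdict(lambda: defaultdict(list))
    for summary in ET.fromstring(xml_text).iter("SCAN_SUMMARY"):
        scan_ref = (summary.findtext("SCAN_REF") or "unknown").strip()
        for node in summary.findall("HOST_SUMMARY"):
            category = node.get("category", "unknown")
            for host in expand_targets(node.text, node.get("tracking", "IP")):
                result[category][host].append(scan_ref)
    return {cat: dict(hosts) for cat, hosts in result.items()}


def follow_up(by_category):
    """Sorted (category, host) pairs for the categories that leave a coverage gap."""
    return sorted((cat, host) for cat, hosts in by_category.items()
                  if cat in FOLLOW_UP for host in hosts)


if __name__ == "__main__":
    report = hosts_not_scanned(SAMPLE_XML)
    for cat, hosts in sorted(report.items()):
        print(f"{cat:<11} {len(hosts):>3} host(s)")
    for cat, host in follow_up(report):
        print(f"follow up: {host} ({cat})")
```
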
Scanner Details 
/api/2.0/fo/scan/scanner 


[GET] [POST] 


Identify the scanner used to scan a particular IP address at a given time. 
Permissions - Manager role is required. 


This is supported for vulnerability scans only. This API is especially useful when you’re 
scanning a large number of IPs using a pool of scanners and you’re not sure which 
scanner was used to scan a particular host. 


The XML output will show the IP address scanned with the scan reference number, scan 
date, the scanner identifier (external scanner or scanner appliance name), scanner type 
(extranet or appliance) and scanner software versions. 


Input Parameters 


Parameter Description 

action=list (Required) 

scan_date_since={value} (Required) Include scans started since a certain date. Specify the 
date in YYYY-MM-DD format. The date must be less than or 
equal to today’s date. 

scan_date_to={value} (Optional) Include scans started up to a certain date. Specify the 
date in YYYY-MM-DD format. The date must be later than or 
equal to scan_date_since, and less than or equal to today’s 
date. 

ips={value} (Required) The IP addresses you want scanner details for. You 
may enter a combination of IPs and ranges. Multiple entries are 
comma separated. 

output_format=XML (Optional) The output format: XML (the default). 


Sample - List scanner details for certain IPs 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d 
"action=list&ips=10.10.10.2-10.10.10.7,10.10.10.10&scan_date_since=2018-05-24&scan_date_to=2018-09-28" 
"https://qualysapi.qualys.com/api/2.0/fo/scan/scanner/" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE IP_SCANNERS_LIST_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/scan/scanner/scanner_list_output.dtd"> 
<IP_SCANNERS_LIST_OUTPUT> 
  <RESPONSE> 
    <DATETIME>2018-11-08T21:49:51Z</DATETIME> 
    <IP_SCANNERS_OUTPUT> 
      <IP_SCANNED> 
        <IP>10.10.10.7</IP> 
        <SCAN_REF>scan/1527197914.13102</SCAN_REF> 
        <SCAN_DATE>2018-05-24T21:39:08Z</SCAN_DATE> 
        <SCANNER_IDENTIFIER>external scanner</SCANNER_IDENTIFIER> 
        <SCANNER_TYPE>extranet</SCANNER_TYPE> 
        <ML_VERSION>ML-9.7.20-1</ML_VERSION> 
        <VULNSIGS_VERSION>VULNSIGS-2.4.182-2</VULNSIGS_VERSION> 
      </IP_SCANNED> 
      <IP_SCANNED> 
        <IP>10.10.10.7</IP> 
        <SCAN_REF>scan/1538093810.64913</SCAN_REF> 
        <SCAN_DATE>2018-09-28T00:19:25Z</SCAN_DATE> 
        <SCANNER_IDENTIFIER>Esxi_4 Network</SCANNER_IDENTIFIER> 
        <SCANNER_TYPE>appliance</SCANNER_TYPE> 
        <ML_VERSION>ML-9.10.21-1</ML_VERSION> 
        <VULNSIGS_VERSION>VULNSIGS-2.4.284-2</VULNSIGS_VERSION> 
      </IP_SCANNED> 
      <IP_SCANNED> 
        <IP>10.10.10.10</IP> 
        <SCAN_REF>scan/1538093810.64913</SCAN_REF> 
        <SCAN_DATE>2018-09-28T00:19:25Z</SCAN_DATE> 
        <SCANNER_IDENTIFIER>Esxi_4 Network</SCANNER_IDENTIFIER> 
        <SCANNER_TYPE>appliance</SCANNER_TYPE> 
        <ML_VERSION>ML-9.10.21-1</ML_VERSION> 
        <VULNSIGS_VERSION>VULNSIGS-2.4.284-2</VULNSIGS_VERSION> 
      </IP_SCANNED> 
    </IP_SCANNERS_OUTPUT> 
  </RESPONSE> 
</IP_SCANNERS_LIST_OUTPUT> 


DTD 
<platform API server>/api/2.0/fo/scan/scanner/scanner_list_output.dtd 
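

The following is an added example, not part of the Qualys guide: using the Scanner Details output to check whether scan-like traffic seen against a host lines up with an authorized scan. The XML is a constructed sample modelled on the response above; the function names and the 12-hour look-back window (max_age) are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed response, modelled on the IP_SCANNERS_LIST_OUTPUT sample above.
SAMPLE_XML = """<IP_SCANNERS_LIST_OUTPUT>
 <RESPONSE>
  <DATETIME>2018-11-08T21:49:51Z</DATETIME>
  <IP_SCANNERS_OUTPUT>
   <IP_SCANNED>
    <IP>10.10.10.7</IP>
    <SCAN_REF>scan/1527197914.13102</SCAN_REF>
    <SCAN_DATE>2018-05-24T21:39:08Z</SCAN_DATE>
    <SCANNER_IDENTIFIER>external scanner</SCANNER_IDENTIFIER>
    <SCANNER_TYPE>extranet</SCANNER_TYPE>
   </IP_SCANNED>
   <IP_SCANNED>
    <IP>10.10.10.7</IP>
    <SCAN_REF>scan/1538093810.64913</SCAN_REF>
    <SCAN_DATE>2018-09-28T00:19:25Z</SCAN_DATE>
    <SCANNER_IDENTIFIER>Esxi_4 Network</SCANNER_IDENTIFIER>
    <SCANNER_TYPE>appliance</SCANNER_TYPE>
   </IP_SCANNED>
   <IP_SCANNED>
    <IP>10.10.10.10</IP>
    <SCAN_REF>scan/1538093810.64913</SCAN_REF>
    <SCAN_DATE>2018-09-28T00:19:25Z</SCAN_DATE>
    <SCANNER_IDENTIFIER>Esxi_4 Network</SCANNER_IDENTIFIER>
    <SCANNER_TYPE>appliance</SCANNER_TYPE>
   </IP_SCANNED>
  </IP_SCANNERS_OUTPUT>
 </RESPONSE>
</IP_SCANNERS_LIST_OUTPUT>"""


def parse_ts(text):
    """Parse the API's UTC timestamps (e.g. 2018-09-28T00:19:25Z) as aware datetimes."""
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_scanner_records(xml_text):
    """One record per IP_SCANNED element: which scanner scanned which IP, and when."""
    records = []
    for node in ET.fromstring(xml_text).iter("IP_SCANNED"):
        records.append({
            "ip": ipaddress.ip_address(node.findtext("IP").strip()),
            "scan_ref": node.findtext("SCAN_REF", "").strip(),
            "started": parse_ts(node.findtext("SCAN_DATE")),
            "scanner": node.findtext("SCANNER_IDENTIFIER", "").strip(),
            "type": node.findtext("SCANNER_TYPE", "").strip(),
        })
    return records


def scans_explaining(records, ip, event_time, max_age=timedelta(hours=12)):
    """Scans of `ip` that started at or before event_time and no more than
    max_age earlier, most recent first. SCAN_DATE is the scan start, so
    max_age (an assumed value) should cover your longest expected scan."""
    target = ipaddress.ip_address(ip)
    hits = [r for r in records
            if r["ip"] == target
            and timedelta(0) <= event_time - r["started"] <= max_age]
    return sorted(hits, key=lambda r: r["started"], reverse=True)


if __name__ == "__main__":
    recs = parse_scanner_records(SAMPLE_XML)
    alert = parse_ts("2018-09-28T01:00:00Z")  # constructed alert time
    matches = scans_explaining(recs, "10.10.10.7", alert)
    if matches:
        m = matches[0]
        print(f"explained by {m['scan_ref']} via {m['scanner']} ({m['type']})")
    else:
        print("no authorized scan in the window; treat as unexplained traffic")
```

An empty result means no scan of that IP started inside the window, so the traffic is not accounted for by the scans this API reports.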
Share PCI Scan 


The Share PCI Scan API (/api/2.0/fo/scan/pci/) provides an automated way to share (export) 
finished PCI scans to PCI Merchant accounts and check the export status. A PCI scan is a 
vulnerability scan that was run with the option profile “Payment Card Industry (PCI) 
Options”. 


Express Lite: This API is available to Express Lite users. 


In advance of sharing a PCI scan using the share PCI scan API, the target PCI Merchant 
account must be already defined as a PCI account link within the API user's Qualys 
account. Account links can be defined using the Qualys user interface only. 


Permissions - Any user with scan permissions (Manager, Unit Manager or Scanner) can 
share a PCI scan with one of their own PCI Merchant accounts and obtain share status. 
The user’s Qualys account must allow access to the PCI scan and must have a link to the 
target PCI Merchant account. 


Share Restriction - The following share restriction applies to all users. One PCI scan can be 
shared (exported) to one PCI Merchant subscription one time only, assuming the share 
request is successful. (Note: If a particular scan has been exported to any PCI account in 
the same PCI Merchant subscription as your PCI account, the scan can’t be exported.) If a 
share request fails for some reason, it's possible to submit another share request for the 
same PCI scan and PCI Merchant account. 


Share a PCI Scan 
/api/2.0/fo/scan/pci/ with action=share 


[POST] 


Export a finished PCI scan to a selected PCI Merchant account. It’s possible to export a PCI 
scan one time per PCI Merchant account, and the same PCI scan can be exported to 
multiple PCI Merchant accounts. 


Input Parameters 


Parameter Description 

action=share (Required) Specify “share” to share a PCI scan. 

echo_request={0|1} (Optional) Specify 1 to view parameters in the XML output. When 
unspecified, parameters are not included in the XML output. 

scan_ref={value} (Required) The scan reference of a finished PCI scan. The scan 
status of this scan must be “Finished”. 

merchant_username={value} (Required) The user name of the PCI Merchant account that the 
PCI scan will be exported to. The API user’s Qualys account must 
have a PCI account link already defined for this target PCI 
Merchant account. 
Sample - Share PCI scan 


API request: 
curl -s -H "X-Requested-With: curl demo 2" -D headers.15 -b 
"QualysSession=38255848108d68a2feaf9ee664ca78a7; path=/api; 
secure" -d 
"action=share&merchant_username=managerl@qualys&scan_ref=scan/1281646610.5720" 
"https://qualysapi.qualys.com/api/2.0/fo/scan/pci/" 


XML output Successful Share: 


The XML output uses the simple return DTD and the message is “Requested share of scan 
to PCI”. 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-01-17T00:50:39Z</DATETIME> 
    <TEXT>Requested share of scan to PCI</TEXT> 
    <ITEM_LIST> 
      <ITEM> 
        <KEY>scan_ref</KEY> 
        <VALUE>scan/1281646610.5720</VALUE> 
      </ITEM> 
      <ITEM> 
        <KEY>merchant_username</KEY> 
        <VALUE>managerl@qualys</VALUE> 
      </ITEM> 
    </ITEM_LIST> 
  </RESPONSE> 
</SIMPLE_RETURN> 


XML output Share Already in Progress or Completed: 

When the request to share a PCI scan fails, the XML output uses the simple return DTD 
with the error. If the failure is because sharing is in progress for the PCI Merchant account 
or the scan has already been shared to the PCI account, the output includes the message 
“This scan has already been shared with the Merchant account”. 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-01-04T14:54:01Z</DATETIME> 
    <CODE>999</CODE> 
    <TEXT>This scan has already been shared with the Merchant 
account.</TEXT> 
  </RESPONSE> 
</SIMPLE_RETURN> 


Get PCI Share Status 
/api/2.0/fo/scan/pci/ with action=status 


[GET] [POST] 


Get the share status of a PCI scan that has already been shared with a PCI merchant 
account. 


Input Parameters 


Parameter Description 

action=status (Required) 

echo_request={0|1} (Optional) Specify 1 to view parameters in the XML output. When 
unspecified, parameters are not included in the XML output. 

scan_ref={value} (Required) The scan reference of the shared scan that you want 
to check the export status for. 

merchant_username={value} (Required) The username of the PCI account which the scan was 
shared with. 


Sample - PCI Share status 


API request: 


curl -s -H "X-Requested-With: curl demo 2" -u "USERNAME:PASSWD" -d 
"action=status&scan_ref=scan/1531755831.21639&merchant_username=asmith@hq" 
"https://qualysapi.qualys.com/api/2.0/fo/scan/pci/" 


XML output: 

The XML response for a status request identifies the share status: Queued (request was 
received and not started yet), In Progress, Finished (scan was exported to PCI account 
successfully), or Error. 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE PCI_SCAN_SHARE_STATUS SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/scan/pci/pci_scan_share_status.dtd"> 
<PCI_SCAN_SHARE_STATUS> 
  <RESPONSE> 
    <SCAN> 
      <MERCHANT_USERNAME>asmith@hq</MERCHANT_USERNAME> 
      <SCAN_REF>scan/1531755831.21639</SCAN_REF> 
      <STATUS>In Progress</STATUS> 
      <LAST_SHARED>2018-07-19T05:05:58Z</LAST_SHARED> 
    </SCAN> 
  </RESPONSE> 
</PCI_SCAN_SHARE_STATUS> 


DTD 
<platform API server>/api/2.0/fo/scan/pci/pci_scan_share_status.dtd 
Discovery Scans (maps) 


Launch discovery scans, also called maps, to launch network discovery of your domains 
and/or IP addresses in asset groups. This returns an inventory of your network devices. 


Launch Map | Map Report List | Cancel Running Map | Download Saved Map Report | 
Delete Saved Map Report | Domain List | Add/Edit Domain 


Launch Map 
/msp/map-2.php 
[GET] [POST] 


Launch a Qualys network map for one or more domains, initiating network discovery. The 
map target may include asset groups and the default scanner option may be enabled for 
distributed mapping across multiple scanner appliances. 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


A map request for multiple domains issued using the map-2.php API runs one map at a 
time, one domain at a time. If you cancel a running map for a domain using the 
scan_cancel.php function and there are multiple domains in the map target, the service 
cancels the maps for any remaining, undiscovered domains in the same map target. 


For a map request with multiple domains, the XML map report returned by the map-2.php 
function includes all domains that were successfully discovered. When you view the map 
results for this request using the map_report.php function or the Qualys user interface, 
each map report includes map results for one domain. Also, if the map summary 
notification is enabled in your account, there is a separate notification for each target 
domain. 


Permissions - Managers can map all domains in the subscription. Unit Managers can map 
domains in the user’s same business unit. Scanners can map domains in their own 
account. 
Description 


map_title={title} 


(Optional) Specifies a title for the map. The map title can have a 
maximum of 2,000 characters. When specified, the map title 
appears in the header section of the map results. When 
unspecified, the API returns a standard, descriptive title in the 
header section. 


domain={target} 


(Optional) Specifies one or more domain names for the map 
target. Multiple entries are comma separated. (Target may 
include domain names and/or asset groups) 


For each domain, include the domain name only; do not enter 
“www.” at the start of the domain name. Netblocks may be 
specified with each domain name to extend the scope of the 
map. Multiple domains must be comma separated. 


This parameter and/or asset_groups must be specified. 


asset_groups={title1,title2...} 


(Optional) Specifies the titles of asset groups for the map target. 
Multiple asset groups must be comma separated. (Target may 
include domain names and/or asset groups) 


This parameter and/or the domain parameter must be 
specified. 


iscanner_name={name} 


(Optional) Specifies the name of the Scanner Appliance for the 
map, when the map target has private use internal IPs. Using 
Express Lite, Internal Scanning must be enabled in your 
account. 


One of these parameters may be specified in the map request: 
iscanner_name or default_scanner. 


default_scanner=1 


(Optional) Enables the default scanner feature, which is only 
valid when the map target consists of asset groups. A valid 
value is 1 to enable the default scanner, or 0 (the default) to 
disable it. Using Express Lite, Internal Scanning must be 
enabled in your account. 


One of these parameters may be specified in the same map 
request: iscanner_name or default_scanner. 


option={title} 


(Optional) Specifies the title of an option profile to be applied to 
the map. The profile title must be defined in the user account, 
and it can have a maximum of 64 characters. If unspecified, the 
default option profile in the user account is applied. 
Parameter Description 


network_id={value} (Optional, and valid only when the Network Support feature is 
enabled for the user’s account) Restrict the request to a certain 
custom network by specifying the network ID. When 
unspecified, we default to “0” for Global Default Network. 


save_report=yes (Optional) Saves a map report for each target domain on the 
Qualys server for later use. A valid value is “yes” to save a map 
report for each target domain, or “no” (the default) to not save 
the report. 
If set to “yes”, you can close the HTTP connection when the map 
is in progress, without cancelling the map. When the map 
completes the resulting map report is saved on the Qualys 
platform, and a map summary email notification is sent (if this 
option is enabled in your user account). 
Saved map reports can be retrieved using map_report_list.php 
and map_report.php. 


Samples - Launch map 


Request a map of the domain “www.mycompany.com” using the external scanners and 
receive a map report: 


https://qualysapi.qualys.com/msp/map-2.php?domain=mycompany.com 


Request a map of the domain “www.mycompany.com” using the external scanners and save 
the map report on the Qualys platform: 


https://qualysapi.qualys.com/msp/map-2.php?domain=mycompany.com&save_report=yes 


Request a map for the following domain/netblock pair using the scanner appliance “Hong 
Kong” and custom domain mycompany: 


https://qualysapi.qualys.com/msp/map-2.php?domain=mycompany.com:192.168.0.1-192.168.0.254&iscanner_name=Hong+Kong 


Request a map for this domain/netblock pair using the scanner appliance “San Francisco” 
and the none domain: 


https://qualysapi.qualys.com/msp/map-2.php?domain=none:192.168.0.1-192.168.0.254&iscanner_name=San+Francisco 


Request a map for the domain “mydomain.com” using a network ID and receive a map 
report: 


https://qualysapi.qualys.com/msp/map-2.php?domain=mydomain.com:10.10.10.10-10.10.10.20&iscanner_name=my_scanner&network_id=4234545&save_report=yes 


DTD 
<platform API server>/map-2.dtd 


Map Report List 
/msp/map_report_list.php 
[GET] [POST] 


List saved map reports in the user’s account. Each entry in the map report list identifies a 
saved map report for a specific domain. There is a separate saved map report for each 
domain in the map target. 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


Permissions - Managers can view all saved map reports in the subscription. Unit Managers 
can view saved map reports for domains in user’s business unit. Scanners and Readers 
can view saved map reports for domains in user’s account. 


Input Parameters 


Parameter Description 


last=yes (Optional) Used to retrieve information only about the last saved 
map report. A valid value is “yes” to retrieve the last saved map 
report, or “no” (the default) to retrieve all map reports. 


domain={target} (Optional) Used to receive a list of all saved map reports for the 
specified target domain. If both parameters domain={target} and 
last=yes are specified, you will receive information about the last 
saved map for the target domain. 


Sample 
Receive information about the last saved map for the domain “www.companyabc.com”: 


https://qualysapi.qualys.com/msp/map_report_list.php?domain=www.companyabc.com&last=yes


DTD 
<platform API server>/map_report_list.dtd 




Running Map Report List 
/msp/scan_running_list.php 


[GET] [POST] 


List maps and scans that are currently running in the user's account. If you're interested 
in listing scans only (not maps), we recommend using VM Scan List (/api/2.0/fo/scan/) 
instead. 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


Permissions - Managers can view all running maps/scans in the subscription. Unit 
Managers can view running maps/scans on assets in the user’s business unit. Scanners 
and Readers can view running maps/scans on assets in their account.


Sample - Running map/scan list 


https://qualysapi.qualys.com/msp/scan_running_list.php?


DTD
<platform API server>/scan_running_list.dtd


Cancel Running Map 
/msp/scan_cancel.php 


[GET] [POST] 


Cancel a map in progress. It’s not possible to cancel a map when it has the scan status 
“Loading”. 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


Permissions - Managers can cancel all running maps in the subscription. Unit Managers 
can cancel running maps launched by users in their same business unit. Scanners can 
cancel running maps they have launched. 


Input Parameter 


Parameter Description 


ref={value} (Required) Specifies the map reference for the map to be
cancelled (or a scan reference for the scan to be cancelled). A
map reference starts with “map/”.


Sample - Cancel a map in progress


https://qualysapi.qualys.com/msp/scan_cancel.php?ref=map/987659876.19876


DTD 
<platform API server>/generic_return.dtd 


Download Saved Map Report 
/msp/map_report.php 
[GET] [POST] 


Download a saved map in the user's account, when the map has the scan status 
“Finished”. Each saved map report identifies map results for a specific domain. If you issue 
a map request for multiple domains using the map-2.php API, there is a separate saved 
map report for each domain in the map target. 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


Permissions - Managers can download all saved map reports in the subscription. Unit
Managers can download saved map reports for domains in the user's business unit. Scanners
and Readers can download saved map reports for domains in the user's account.


Input Parameter 


Parameter Description 


ref={value} (Required) Specifies the map reference for the scan you want to
download. A map reference starts with “map/”. 


Sample - Download saved map report 


https://qualysapi.qualys.com/msp/map_report.php?ref=map/987659876.19876


DTD
<platform API server>/map.dtd


Delete Saved Map Report
/msp/scan_report_delete.php 
[GET] [POST] 


Delete a previously saved network map or scan report, when the scan status is “Finished”. 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


Permissions - Managers can delete saved map reports in the subscription. Unit Managers
can delete saved map reports for domains in the user’s business unit, including the user’s
own maps and maps run by other users in the same business unit. Scanners can delete
saved map reports in the user’s account.


Input Parameter 


Parameter Description 


ref={value} (Required) Specifies the map reference for the map to be deleted. 
A map reference starts with “map/”. 


Sample - Delete saved map report 


https://qualysapi.qualys.com/msp/scan_report_delete.php?ref=map/999666888.12345


DTD
<platform API server>/generic_return.dtd


Domain List
/msp/asset_domain_list.php 


[GET] [POST] 


List asset domains in the user account. 


Basic HTTP authentication is required. Session based authentication is not supported
using this API.


Permissions - Managers can view all domains in the subscription. Unit Managers can view
domains in the user's business unit. Scanners and Readers can view domains in their own
account.


Sample - List all domains in account 


https://qualysapi.qualys.com/msp/asset_domain_list.php


DTD 
<platform API server>/domain_list.dtd 


Add/Edit Domain 


/msp/asset_domain.php 


[GET] [POST] 


Add and edit domains and related netblocks in the subscription. The domains defined 
may be used as targets for network scans (maps). 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


Permissions - Manager user role is required. 


Input Parameter 


Parameter Description

action={add|edit} (Required)

domain={domain} (Required) Specifies the domain name to add or edit. Include the
domain name only; do not enter “www.” at the start of the domain
name.

netblock={ranges} (Optional for an add request, and Required for an edit request)
Specifies the netblock(s) associated with the domain name.
Multiple netblocks are comma separated. Looking for more help?
Search for “none domain” or “netblock” in online help (log in to
your account and go to Help > Online Help).

For an edit request, it’s not possible to add or remove netblocks for
a domain. To clear associated netblocks for an existing domain,
specify netblock=


Sample - Add domain 


https://qualysapi.qualys.com/msp/asset_domain.php?action=add&domain=mydomain.com


Sample - Edit domain 


https://qualysapi.qualys.com/msp/asset_domain.php?action=edit&domain=acme.com&netblock=10.10.10.0/24,10.1.1.0-10.1.1.100


DTD
<platform API server>/generic_return.dtd


Scan Configuration


Manage scan configurations in your account - scanner appliances, KnowledgeBase, search 
lists and option profiles. 


Scanner Appliance List 

Manage Virtual Scanner Appliances 

Update Physical Scanner Appliance 

Replace Scanner Appliance 

Scanner Appliance VLANs and Static Routes 
Option Profile Export | Option Profile Import 
Option Profiles for VM | PCI | PC 
KnowledgeBase | Editing Vulnerabilities 
Static Search Lists 


Dynamic Search Lists | Vendor IDs and References


Scanner Appliance List


/api/2.0/fo/appliance/?action=list 
[GET] [POST] 


List scanner appliances in your account with their configurations. The list output is shown 
in “brief” mode by default. Specify output_mode=full to include full output (the same 
information available within the Qualys user interface). 


Permissions - Managers can view all scanner appliances in the subscription. Unit 
Managers can view appliances in the user’s own business unit. Scanners and Readers can 
view appliances in their own account. 


Express Lite - This API is available to Express Lite users when Internal Scanning is enabled 
in the user’s account. 


Input Parameters 


Parameter Description

action=list (Required) A flag used to make a request for a list of scanner
appliances. The GET or POST method may be used for a list
request.

echo_request={0|1} (Optional) Specifies whether to echo the request’s input
parameters (names and values) in the XML output. When not
specified, parameters are not included in the XML output.
Specify 1 to view parameters in the XML output.

output_mode={brief|full} (Optional) The amount of detail provided for each scanner
appliance in the output: brief (default) or full.

The “brief” output includes this information for each appliance:
appliance ID, friendly name, software version, the number of
running scans, and heartbeat check status (online or offline).

The “full” output includes the full appliance information,
including the same details available in the Qualys user interface.

scan_detail={0|1} (Optional) Set to 1 to include scan details for scans currently
running on the scanner appliance. Set to 0 (default) to not
include scan details. Scan detail includes scan ID, title, scan
reference, scan type and scan date.

show_tags={0|1} (Optional. When specified, output_mode=full is required.)
Set to 1 (default) to include asset tag information for each
scanner appliance in the output. Set to 0 to not include asset tag
information in the output.

include_cloud_info={0|1} (Optional. When specified, output_mode=full is required.)
Set to 1 to include cloud information in the output for virtual
scanner appliances deployed on cloud platforms e.g. Amazon
EC2, Microsoft Azure Cloud Platform and Google Cloud Platform.
Set to 0 (default) to not include cloud info.

busy={0|1} (Optional) By default all scanner appliances in the user account
are shown. Set to 0 to show only appliances which are not
currently running scans. Set to 1 (default) to show only
appliances which are currently running scans.

scan_ref={value} (Optional) Specify a scan reference code to show only the
scanner appliances running a particular scan. You may enter a
valid scan reference code for a currently running scan.

The scan reference code starts with a string that identifies the
scan type: “scan/” for a vulnerability scan, “compliance/” for a
compliance scan, “was/” for a web application scan, “qscap/” for
an FDCC scan, or “map/” for a network map.

name={string} (Optional) List only scanner appliances (physical and virtual)
that have names matching the string provided. Tip - Substring
match is supported. For example, if you have 2 appliances
named “myscanner” and “anotherscanner” and you supply the
string “name=scan” both appliances will be
returned in the XML output.

ids={id1,id2,...} (Optional) List only scanner appliances (physical and virtual)
that have certain IDs. Multiple IDs are comma separated.

include_license_info={0|1} (Optional) Set to 1 to return virtual scanner license information
in the XML output. This tells you the number of licenses you
have and the number used. This information is not returned by
default. When specified the XML output will include the
LICENSE_INFO element.

type={physical|virtual|offline} (Optional) Type of scanner appliances: physical, virtual, offline.
Appears when output_mode=full is specified in API request.

platform_provider (Optional) Specify a platform to show scanners deployed on
that platform. The valid values are: ec2, ec2_compat, gce,
azure, vCenter.

ec2 - Amazon EC2, ec2_compat - OpenStack, gce - Google
Cloud Platform, azure - Microsoft Azure Cloud Platform,
vCenter - VMware vCenter


API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=list&echo_request=1&ids=777,1127,1131&include_license_info=1" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE APPLIANCE_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/appliance/appliance_list_output.dtd">
<APPLIANCE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2014-01-02T09:26:01Z</DATETIME>
    <APPLIANCE_LIST>
      <APPLIANCE>
        <ID>777</ID>
        <NAME>scanner1</NAME>
        <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
        <RUNNING_SCAN_COUNT>0</RUNNING_SCAN_COUNT>
        <STATUS>Online</STATUS>
      </APPLIANCE>
      <APPLIANCE>
        <ID>1127</ID>
        <NAME>scanner2</NAME>
        <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
        <RUNNING_SCAN_COUNT>0</RUNNING_SCAN_COUNT>
        <STATUS>Online</STATUS>
      </APPLIANCE>
      <APPLIANCE>
        <ID>1131</ID>
        <NAME>scanner3</NAME>
        <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
        <RUNNING_SCAN_COUNT>0</RUNNING_SCAN_COUNT>
        <STATUS>Offline</STATUS>
      </APPLIANCE>
    </APPLIANCE_LIST>
    <LICENSE_INFO>
      <QVSA_LICENSES_COUNT>10</QVSA_LICENSES_COUNT>
      <QVSA_LICENSES_USED>3</QVSA_LICENSES_USED>
    </LICENSE_INFO>
  </RESPONSE>
</APPLIANCE_LIST_OUTPUT>


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=list&type=virtual&platform_provider=ec2&include_cloud_info=1&output_mode=full" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/"

XML output:
Sample shows Cloud Info for Amazon EC2.

...
<IS_CLOUD_DEPLOYED>1</IS_CLOUD_DEPLOYED>
<CLOUD_INFO>
  <PLATFORM_PROVIDER>ec2</PLATFORM_PROVIDER>
  <EC2_INFO>
    <INSTANCE_ID>i-02441120f4e14e32c</INSTANCE_ID>
    <INSTANCE_TYPE>m3.medium</INSTANCE_TYPE>
    ...
    <ACCOUNT_ID>205767712438</ACCOUNT_ID>
    <INSTANCE_REGION>US East (N. Virginia)</INSTANCE_REGION>
    <INSTANCE_AVAILABILITY_ZONE>us-east-1c</INSTANCE_AVAILABILITY_ZONE>
    <INSTANCE_ZONE_TYPE>Classic</INSTANCE_ZONE_TYPE>
    <IP_ADDRESS_PRIVATE>10.181.43.219</IP_ADDRESS_PRIVATE>
    <HOSTNAME_PRIVATE>ip-10-181-43-219.ec2.internal</HOSTNAME_PRIVATE>
    <API_PROXY_SETTINGS>
      <SETTING>Enabled</SETTING>
      <PROXY>
        <PROTOCOL>http</PROTOCOL>
        <IP_ADDRESS>1.1.1.1</IP_ADDRESS>
        <HOSTNAME>test_hostname.com</HOSTNAME>
        <PORT>234</PORT>
        <USER>*****</USER>
      </PROXY>
    </API_PROXY_SETTINGS>
...


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=list&output_mode=full" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/"


XML output:
Sample shows type of scanner appliance.

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE APPLIANCE_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/appliance/appliance_list_output.dtd">
<APPLIANCE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-08-31T09:14:49Z</DATETIME>
    <APPLIANCE_LIST>
      <APPLIANCE>
        <ID>132455</ID>
        <UUID>6ae4efce-0c5e-e227-82e0-1b7f55f1b98b</UUID>
        <NAME>VS_ND_1</NAME>
        <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
        <RUNNING_SLICES_COUNT>0</RUNNING_SLICES_COUNT>
        <RUNNING_SCAN_COUNT>0</RUNNING_SCAN_COUNT>
        <STATUS>Offline</STATUS>
        <MODEL_NUMBER>cvscanner</MODEL_NUMBER>
        <TYPE>Virtual</TYPE>
        <SERIAL_NUMBER>0</SERIAL_NUMBER>
        <ACTIVATION_CODE>15440265032293</ACTIVATION_CODE>
        <INTERFACE_SETTINGS>
          <INTERFACE>lan</INTERFACE>
          <IP_ADDRESS>1.1.1.1</IP_ADDRESS>
          <NETMASK>128.0.0.0</NETMASK>
          <GATEWAY>128.0.0.0</GATEWAY>
          <LEASE>Static</LEASE>
          <IPV6_ADDRESS></IPV6_ADDRESS>
          <SPEED></SPEED>
          <DUPLEX>Unknown</DUPLEX>
          <DNS>
            <DOMAIN></DOMAIN>
            <PRIMARY>128.0.0.0</PRIMARY>
            <SECONDARY>128.0.0.0</SECONDARY>
          </DNS>
        </INTERFACE_SETTINGS>
...


DTD:

<platform API server>/api/2.0/fo/appliance/appliance_list_output.dtd


Manage Virtual Scanner Appliances


Use the Scanner Appliance API (/api/2.0/fo/appliance/) to create, update and delete
virtual scanner appliances.


Tell me about permissions. Managers can perform all actions (create, update, delete). Unit 
Managers and Scanners must have the “Manage virtual scanner appliances” permission to 
create, update and delete virtual scanners. This permission is only available to Scanner 
users when your subscription is configured to allow it. 

Add New Virtual Scanner Appliance 

/api/2.0/fo/appliance/ with action=create 


[POST] 


Create a new virtual scanner appliance in your account. 


Permissions - Managers can create a new virtual scanner appliance. Unit Managers and
Scanners must have the “Manage virtual scanner appliances” permission. This permission 
is only available to Scanner users when your subscription is configured to allow it. 


Input Parameters 


Parameter Description

action=create (Required)

name={string} (Required) The friendly name. This name can’t already be
assigned to an appliance in your account. It can be a maximum
of 15 characters, spaces are not allowed.

polling_interval={value} (Optional) The polling interval, in seconds. A valid value is 60 to
3600 (we recommend 180 which is the default). This is the
frequency that the virtual scanner will attempt to connect to our
Cloud Security Platform. The appliance calls home to provide
health updates/heartbeats to the platform, to get software
updates from the platform, to learn if new scan jobs have been
requested by users, and to upload scan results data to the
platform, if applicable.

asset_group_id={value} (Required for Unit Managers and Scanners for Create request)
The ID of an asset group the virtual scanner will be assigned to.


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "action=create&echo_request=1&name=scanner1" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE APPLIANCE_CREATE_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/appliance/appliance_create_output.dtd">
<APPLIANCE_CREATE_OUTPUT>
  <RESPONSE>
    <DATETIME>2014-01-02T09:26:01Z</DATETIME>
    <ID>777</ID>
    <NAME>scanner1</NAME>
    <ACTIVATION_CODE>ACTIVATION-CODE</ACTIVATION_CODE>
    <REMAINING_QVSA_LICENSES>4</REMAINING_QVSA_LICENSES>
  </RESPONSE>
</APPLIANCE_CREATE_OUTPUT>


DTD: 


<platform API server>/api/2.0/fo/appliance/appliance_create_output.dtd 


Update Virtual Scanner Appliance 
/api/2.0/fo/appliance/ with action=update 
[POST] 


Update a virtual scanner appliance in your account. You can add, remove and reset
tags for your scanner appliances.


Permissions - Managers can update a virtual scanner appliance. Unit Managers and 
Scanners must have the “Manage virtual scanner appliances” permission. This permission 
is only available to Scanner users when your subscription is configured to allow it. 


Input Parameters 


Parameter Description

action=update (Required)

id={id} (Required) A valid ID of a virtual scanner.

name={string} (Optional) The friendly name. This name can’t already be
assigned to an appliance in your account. It can be a maximum
of 15 characters, spaces are not allowed.

polling_interval={value} (Optional) The polling interval, in seconds. A valid value is 60 to
3600 (we recommend 180 which is the default). This is the
frequency that the virtual scanner will attempt to connect to our
Cloud Security Platform. The appliance calls home to provide
health updates/heartbeats to the platform, to get software
updates from the platform, to learn if new scan jobs have been
requested by users, and to upload scan results data to the
platform, if applicable.

comment={value} (Optional) User-defined comments.

set_tags={value} (Optional) Specify tag to be assigned to the scanner appliance.
Both virtual and physical scanners can be tagged.

These parameters are mutually exclusive and cannot be
specified in the same request: set_tags and add_tags,
remove_tags.

add_tags={value} (Optional) Specify tag to be added to the existing list of tags
assigned to the scanner. Multiple entries are comma separated.

These parameters are mutually exclusive and cannot be
specified in the same request: set_tags and add_tags,
remove_tags.

remove_tags={value} (Optional) Specify tag to be removed from the existing list of tags
assigned to scanner. Multiple tags are comma separated.

These parameters are mutually exclusive and cannot be
specified in the same request: set_tags and add_tags,
remove_tags.

tag_set_by={id|name} (Optional) Specify “id” (the default) to select a tag set by providing
tag IDs. Specify “name” to select a tag set by providing tag names.


Sample - Update virtual scanner appliance name 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "action=update&echo_request=1&id=12345&name=scanner15" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2014-04-03T12:12:45Z</DATETIME>
    <TEXT>Virtual scanner updated successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>17110</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Sample - Add tags for windows agent, remove tags for linux agents 
API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X POST -d \
"action=update&id=3105&tag_set_by=name&add_tags=windows_agent&remove_tags=linux_agents" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2016-09-15T19:44:35Z</DATETIME>
    <TEXT>Virtual scanner updated successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>3105</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Sample - Assign tags to virtual scanner appliance 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X POST -d \
"action=update&id=3112&tag_set_by=name&set_tags=local_host,local_IP" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2016-09-15T19:47:37Z</DATETIME>
    <TEXT>Virtual scanner updated successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>3112</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
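
One way to assemble the action=update POST body so that the constraints in the parameter table above are checked before the request is sent. This is an added Python example, not Qualys code: build_update_body and join_tags are hypothetical helper names, and the numeric tag ID check is an assumption based on the samples in this guide.

```python
from urllib.parse import urlencode

MAX_NAME_LEN = 15            # "maximum of 15 characters, spaces are not allowed"
POLLING_RANGE = (60, 3600)   # valid polling interval, in seconds


def join_tags(label, tags, tag_set_by):
    """Validate one tag list and return it comma separated."""
    for tag in tags:
        if not tag or "," in tag:
            raise ValueError(f"{label}: empty tag or tag containing a comma")
        # Assumption: tag IDs are decimal integers, as in the guide's samples.
        if tag_set_by == "id" and not tag.isdigit():
            raise ValueError(f"{label}: {tag!r} is not a tag ID; use tag_set_by='name'")
    return ",".join(tags)


def build_update_body(appliance_id, name=None, polling_interval=None,
                      comment=None, tag_set_by=None, set_tags=None,
                      add_tags=None, remove_tags=None):
    """Return the urlencoded POST body for action=update, or raise ValueError."""
    # set_tags replaces the tag list, so it cannot travel with add/remove.
    if set_tags is not None and (add_tags is not None or remove_tags is not None):
        raise ValueError("set_tags cannot be combined with add_tags/remove_tags")
    if tag_set_by not in (None, "id", "name"):
        raise ValueError("tag_set_by must be 'id' or 'name'")

    params = [("action", "update"), ("id", str(int(appliance_id)))]
    if name is not None:
        if not name or len(name) > MAX_NAME_LEN or any(c.isspace() for c in name):
            raise ValueError("name: 1 to 15 characters, no spaces")
        params.append(("name", name))
    if polling_interval is not None:
        low, high = POLLING_RANGE
        if not low <= int(polling_interval) <= high:
            raise ValueError("polling_interval must be 60 to 3600 seconds")
        params.append(("polling_interval", str(int(polling_interval))))
    if comment is not None:
        params.append(("comment", comment))
    if tag_set_by is not None:
        params.append(("tag_set_by", tag_set_by))

    effective = tag_set_by or "id"   # "id" is the documented default
    for label, tags in (("set_tags", set_tags), ("add_tags", add_tags),
                        ("remove_tags", remove_tags)):
        if tags is not None:
            params.append((label, join_tags(label, tags, effective)))

    # urlencode escapes '&' and '=' inside values, so a free-text comment or
    # name cannot introduce extra parameters; ',' stays literal for tag lists.
    return urlencode(params, safe=",")
```

The returned string can be passed to curl with -d in place of a hand-concatenated parameter string.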


Delete Virtual Scanner Appliance 
/api/2.0/fo/appliance/ with action=delete 
[POST] 


Delete a virtual scanner appliance in your account. 


Permissions - Managers can delete a virtual scanner appliance. Unit Managers and
Scanners must have the “Manage virtual scanner appliances” permission. This permission 
is only available to Scanner users when your subscription is configured to allow it. 


Deleting a virtual scanner results in these actions: 1) The scanner will be removed from 
associated Asset Groups, and 2) Scheduled Scans using this scanner will be deactivated. 


Is your virtual scanner running scans? If yes it’s not possible to delete it. We recommend 
you check to be sure the virtual scanner you want to delete is not running scans. 


Input Parameters 


Parameter Description 
action=delete (Required) 
id={id} (Required) A valid ID of a virtual scanner. 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "action=delete&echo_request=1&id=12345" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/"


XML output:
The XML output uses the simple return (/api/2.0/simple_return.dtd).

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2014-01-02T09:26:01Z</DATETIME>
    <TEXT>Virtual scanner deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>115</VALUE>
      </ITEM>
      <ITEM>
        <KEY>DEACTIVATED_SCHEDULED_SCANS</KEY>
        <VALUE>None</VALUE>
      </ITEM>
      <ITEM>
        <KEY>AFFECTED_ASSET_GROUPS</KEY>
        <VALUE>None</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
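
The check recommended above (confirm the virtual scanner is not running scans before deleting it), as an added Python example that is not part of the Qualys guide. It parses brief-mode appliance list output and builds the action=delete body only when the appliance reports zero running scans; the function names and the sample XML values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample shaped like the brief-mode appliance list output in this
# guide; the IDs, names and counts are invented for the example.
SAMPLE_LIST_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE APPLIANCE_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/appliance/appliance_list_output.dtd">
<APPLIANCE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2014-01-02T09:26:01Z</DATETIME>
    <APPLIANCE_LIST>
      <APPLIANCE>
        <ID>777</ID>
        <NAME>scanner1</NAME>
        <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
        <RUNNING_SCAN_COUNT>2</RUNNING_SCAN_COUNT>
        <STATUS>Online</STATUS>
      </APPLIANCE>
      <APPLIANCE>
        <ID>1127</ID>
        <NAME>scanner2</NAME>
        <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
        <RUNNING_SCAN_COUNT>0</RUNNING_SCAN_COUNT>
        <STATUS>Online</STATUS>
      </APPLIANCE>
      <APPLIANCE>
        <ID>1131</ID>
        <NAME>scanner3</NAME>
        <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
        <RUNNING_SCAN_COUNT></RUNNING_SCAN_COUNT>
        <STATUS>Offline</STATUS>
      </APPLIANCE>
    </APPLIANCE_LIST>
  </RESPONSE>
</APPLIANCE_LIST_OUTPUT>
"""


def parse_appliances(xml_text):
    """Return {appliance_id: {"name", "status", "running"}} from list output."""
    root = ET.fromstring(xml_text)
    result = {}
    for node in root.iterfind("./RESPONSE/APPLIANCE_LIST/APPLIANCE"):
        raw_count = (node.findtext("RUNNING_SCAN_COUNT") or "").strip()
        result[int(node.findtext("ID"))] = {
            "name": node.findtext("NAME"),
            "status": node.findtext("STATUS"),
            # None means "unknown"; callers must not treat it as zero.
            "running": int(raw_count) if raw_count.isdigit() else None,
        }
    return result


def delete_decision(appliances, appliance_id):
    """Return (ok, reason). Fails closed when the scan count is unknown."""
    entry = appliances.get(appliance_id)
    if entry is None:
        return False, "appliance not visible to this account"
    if entry["running"] is None:
        return False, "running scan count missing; re-query before deleting"
    if entry["running"] > 0:
        return False, f"{entry['running']} scan(s) still running"
    return True, "no running scans reported"


def delete_body(appliances, appliance_id):
    """POST body for action=delete, or None when the check does not pass."""
    ok, _reason = delete_decision(appliances, appliance_id)
    return urlencode({"action": "delete", "id": appliance_id}) if ok else None
```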


Update Physical Scanner Appliance 


/api/2.0/fo/appliance/physical/ with action=update 
[POST] 


Using the Physical Scanner Appliance API (/api/2.0/fo/appliance/physical/), Managers and 
Unit Managers can update physical scanner appliances. 


Input Parameters 


Parameter Description

action=update (Required)

id={id} (Required) A valid ID of a physical scanner.

name={string} (Optional) The friendly name. This name can’t already be
assigned to an appliance in your account. It can be a maximum
of 15 characters, spaces are not allowed.

polling_interval={value} (Optional) The polling interval, in seconds. A valid value is 60 to
3600 (we recommend 180 which is the default). This is the
frequency that the physical scanner will attempt to connect to
our Cloud Security Platform. The appliance calls home to provide
health updates/heartbeats to the platform, to get software
updates from the platform, to learn if new scan jobs have been
requested by users, and to upload scan results data to the
platform, if applicable.

set_vlans={value} Use this parameter to specify one or more VLANs for scanner. See
Manage Virtual Scanner Appliances.

set_tags={value} (Optional) Specify tag to be assigned to the scanner appliance.
Both virtual and physical scanners can be tagged.

These parameters are mutually exclusive and cannot be
specified in the same request: set_tags and add_tags,
remove_tags.

add_tags={value} (Optional) Specify tag to be added to the existing list of tags
assigned to the scanner. Multiple entries are comma
separated.

These parameters are mutually exclusive and cannot be
specified in the same request: set_tags and add_tags,
remove_tags.

remove_tags={value} (Optional) Specify tag to be removed from the existing list of tags
assigned to scanner. Multiple entries are comma
separated.

These parameters are mutually exclusive and cannot be
specified in the same request: set_tags and add_tags,
remove_tags.

tag_set_by={id|name} (Optional) Specify “id” (the default) to select a tag set by providing
tag IDs. Specify “name” to select a tag set by providing tag names.

set_routes={value} Use this parameter to specify one or more routes for scanner. See
Manage Virtual Scanner Appliances.

comment={value} (Optional) User-defined comments.


Sample 1
API Request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "action=update&id=5115&comment=Hello" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/physical/"


Sample 2
Add VLAN and routes with Name, Polling interval and comments to Physical scanner:

API Request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d \
"action=update&id=5115&name=physcanner&polling_interval=360&set_routes=10.10.10.10/255.255.255.0/10.10.10.10|routes1&set_vlans=1|10.2.0.2/255.255.255.0|Testvlan1&comment=Update_scanner" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/physical/"


Sample 3
Update physical scanner using tag_set_by and add_tags parameters:

API Request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "action=update&id=5115&tag_set_by=id&add_tags=7691422" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/physical/"


Sample 4
Update physical scanner using tag_set_by and set_tags parameters:

API Request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "action=update&id=5115&tag_set_by=id&set_tags=7691422" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/physical/"


Sample 5
Update physical scanner using tag_set_by and remove_tags parameters:

API Request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "action=update&id=5115&tag_set_by=id&remove_tags=7691422" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/physical/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2017-10-01T00:12:29Z</DATETIME>
    <TEXT>Physical scanner updated successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>5115</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Replace Scanner Appliance


Using the Replace Scanner Appliance API (/api/2.0/fo/appliance/replace_iscanner), 
Managers and Unit Managers can replace a scanner appliance with a new one. Tell us the 
name of the appliance you want to replace and the one you want to use. 


Good to Know 

- You can replace one scanner appliance at a time. 

- Do not replace a scanner appliance while scans (using the appliance) are in progress. 
- The old scanner and the new scanner must be in the same network, if applicable. 

- You can only replace an EC2 scanner with another EC2 scanner. 


Input Parameters 


Parameter Description

action=replace (Required)

echo_request={0|1} (Optional) Specifies whether to echo the request’s input
parameters (names and values) in the XML output. When not
specified, parameters are not included in the XML output. Specify
1 to view parameters in the XML output.

old_scanner_name={value} (Required) The name of the scanner you want to replace.

new_scanner_name={value} (Required) The name of the scanner you want to use.

do_not_copy_settings={0|1} (Optional) When not specified, we will transfer settings from the
old scanner to the new scanner for you. Specify 1 if you do not
want us to transfer appliance settings. Settings include the
polling interval, heartbeat checks, scanning options, VLANs and
static routes, associated asset groups, schedules and network, if
applicable.

do_not_remove_new_scanner_from_objects={0|1} (Optional) When not specified, we will remove the new appliance
from business objects (asset groups and schedules) that it’s
already associated with. Specify 1 if you do not want us to
remove the new appliance from business objects.

This parameter cannot be set for EC2 scanners.


Sample - Replace scanner with new one 


Replace “scanner1” with “scanner2” and copy scanner appliance settings but do not 
remove the new scanner from business objects. 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/appliance/replace_iscanner/?action=replace&echo_request=1&old_scanner_name=scanner1&new_scanner_name=scanner2&do_not_copy_settings=0&do_not_remove_new_scanner_from_objects=1"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCANNER_REPLACE_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/appliance/replace_iscanner/replace_iscanner_output.dtd">
<SCANNER_REPLACE_OUTPUT>
  <REQUEST>
    <DATETIME>2018-01-16T06:52:53Z</DATETIME>
    <USER_LOGIN>abcd</USER_LOGIN>
    <RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/appliance/replace_iscanner/</RESOURCE>
    <PARAM_LIST>
      <PARAM>
        <KEY>echo_request</KEY>
        <VALUE>1</VALUE>
      </PARAM>
      <PARAM>
        <KEY>old_scanner_name</KEY>
        <VALUE>scanner1</VALUE>
      </PARAM>
      <PARAM>
        <KEY>new_scanner_name</KEY>
        <VALUE>scanner2</VALUE>
      </PARAM>
      <PARAM>
        <KEY>action</KEY>
        <VALUE>replace</VALUE>
      </PARAM>
      <PARAM>
        <KEY>do_not_copy_settings</KEY>
        <VALUE>0</VALUE>
      </PARAM>
      <PARAM>
        <KEY>do_not_remove_new_scanner_from_objects</KEY>
        <VALUE>1</VALUE>
      </PARAM>
    </PARAM_LIST>
  </REQUEST>
  <RESPONSE>
    <DATETIME>2018-01-16T06:52:53Z</DATETIME>
    <NEW_SETTINGS>POLLING_INTERVAL: 180, HEARTBEAT: 1</NEW_SETTINGS>
    <SCHEDULED_SCANS>Scheduled-Scan1, Scheduled-Scan2</SCHEDULED_SCANS>
    <ASSET_GROUPS>AG123, AG456</ASSET_GROUPS>
    <SUCCESS>Scanner Appliance replaced successfully.</SUCCESS>
  </RESPONSE>
</SCANNER_REPLACE_OUTPUT>


DTD 
A replace scanner appliance API request uses this DTD: 


<platform API 
server>/api/2.0/fo/appliance/replace_iscanner/replace_iscanner_output.dtd 


Scanner Appliance VLANs and Static Routes 
/api/2.0/fo/appliance/?action=update (virtual appliance) 


/api/2.0/fo/appliance/physical/?action=update (physical appliance) 


Manage your VLANs and static routes for virtual and physical scanner appliances using 
the Virtual Scanner Appliance API (/api/2.0/fo/appliance/?action=update) or Physical 
Scanner Appliance API (/api/2.0/fo/appliance/physical/?action=update). Use the parameters 
“set_vlans” and “set_routes” to add, update and remove these settings. 


What do I need? Your Qualys account must have the VLANs and Static Routes feature 
enabled. Please contact our Support Team or your Qualys TAM if you would like us to 
enable this feature for you. 


Permissions - Managers can add/remove VLANs and static routes for all scanner 
appliances in the subscription. Unit Managers can add/remove VLANs and static routes in 
the user’s same business unit. 


Set VLANs on Scanner Appliance 
Use the “set_vlans” parameter to specify one or more VLANs. 
The format for a single VLAN is 
ID|IPv4_ADDRESS|NETMASK|NAME|ipv6_static or ipv6_auto|IPv6_ADDRESS, with pipe (|) 
used as a delimiter. All attributes are required. 
Multiple VLANs can be assigned using a comma separated list. 


Good to know - An API call with the parameter “set_vlans” set to "" (empty string) will 
replace (i.e. remove) *all* of the VLANs that are assigned to the scanner appliance. 


Attribute                   Description 

ID                          Customer-defined ID (not assigned by Qualys). Must be in the 
                            range 0 to 4096, inclusive. 

IPv4_ADDRESS                A valid IPv4 IP address (dotted quad), such as 10.10.10.1. Leave 
                            empty when specifying an IPv6 address. 

NETMASK                     A valid network mask (dotted quad), such as 255.255.255.0. Leave 
                            empty when specifying an IPv6 address. 

NAME                        A valid name (can be empty). The name can be a maximum of 
                            256 ASCII characters. The character : (colon) is permitted. These 
                            characters are not permitted: , (comma), < (less than), > (greater 
                            than), " (double quote), & (ampersand), | (pipe), = (equals). 

ipv6_static or ipv6_auto    Specify ipv6_static to provide a static IPv6 address. Specify 
                            ipv6_auto to auto-configure IPv6 using SLAAC on the VLAN. 

IPv6_ADDRESS                A valid IPv6 address is required when ipv6_static is specified, 
                            such as fdd1:0:1:107::500. Leave empty when ipv6_auto is 
                            specified. 


API request (1 IPv4 VLAN): 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d 
"id=43463&set_vlans=0|10.10.10.1|255.255.255.0|vlan1" 
"https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=update" 


API request (mix of IPv6 and IPv4 VLANs): 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d 
"id=43463&set_vlans=1234|||Name1234|ipv6_static|fdd1:0:1:108::500,5678|123.123.123.123|255.255.255.255|Name5678,9012|244.244.244.244|255.255.255.0|Name9012|ipv6_auto,3456|12.12.12.12|255.255.255.0|Name3456|ipv6_static|fdd1:0:1:107::500" 
"https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=update" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2014-07-09T08:46:54Z</DATETIME> 
<TEXT>Virtual scanner updated successfully</TEXT> 
<ITEM_LIST> 
<ITEM> 
<KEY>ID</KEY> 
<VALUE>43463</VALUE> 
</ITEM> 
</ITEM_LIST> 
</RESPONSE> 
</SIMPLE_RETURN> 

Set Static Routes on Scanner Appliance 
Use the “set_routes” parameter to specify one or more static routes. 


The format for a single static route is 
IPv4_ADDRESS|NETMASK|IPv4_GATEWAY|NAME|IPv6_ADDRESS|IPv6_GATEWAY, with pipe 
(|) used as the delimiter. All attributes are required. Multiple static routes can be assigned 
using a comma separated list. 


Good to know - An API call with the parameter “set_routes” set to "" (empty string) will 
replace (i.e. remove) *all* of the static routes that are assigned to the scanner appliance. 


Attribute                   Description 

IPv4_ADDRESS                A valid IPv4 IP address (dotted quad), such as 10.10.26.0. Leave 
                            empty when specifying an IPv6 address. 

NETMASK                     A valid network mask (dotted quad), such as 255.255.255.0. Leave 
                            empty when specifying an IPv6 address. 

IPv4_GATEWAY                A valid IPv4 address (dotted quad), such as 10.10.25.255. Leave 
                            empty when specifying an IPv6 address. 

NAME                        A valid name (can be empty). The name can be a maximum of 
                            256 ASCII characters. The character : (colon) is permitted. These 
                            characters are not permitted: , (comma), < (less than), > (greater 
                            than), " (double quote), & (ampersand), | (pipe), = (equals). 

IPv6_ADDRESS                A valid IPv6 address (with or without the prefix), such as 
                            fdd1:0:1:107::500. 

IPv6_GATEWAY                A valid IPv6 gateway address, such as 2001:470:8418:280d::1. 


API request (1 IPv4 static route): 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d 
"id=43463&set_routes=10.10.25.0|255.255.255.0|10.10.25.255|Route1" 
"https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=update" 


API request (mix of IPv4 and IPv6 static routes): 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d 
"id=43463&set_routes=192.0.0.0|255.255.255.0|10.100.11.157|Name2,192.168.0.0|255.255.0.0|10.100.11.157|Name3,192.168.10.0||10.100.11.157|Name4,192.167.0.0|255.255.0.0|10.100.11.157|Name5|fdd1:0:1:107::500|2001:470:8418:280d::1,|||Name1|fdd1:0:1:107::500/64|2001:470:8418:280d::1" 
"https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=update" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2014-07-09T08:49:18Z</DATETIME> 
<TEXT>Virtual scanner updated successfully</TEXT> 
<ITEM_LIST> 
<ITEM> 
<KEY>ID</KEY> 
<VALUE>43463</VALUE> 
</ITEM> 
</ITEM_LIST> 
</RESPONSE> 
</SIMPLE_RETURN> 


View Scanner Appliances with VLANs, Static Routes 
Use the parameters “action=list” and “output_mode=full”. 


API request: 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "GET" 
"https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=list&ids=43463&output_mode=full" 


XML output: 
<VLANS> 
<SETTING>Enabled</SETTING> 
<VLAN> 
<ID>0</ID> 
<NAME>vlan1</NAME> 
<IP_ADDRESS>10.10.10.1</IP_ADDRESS> 
<NETMASK>255.255.255.0</NETMASK> 
</VLAN> 
</VLANS> 
<STATIC_ROUTES> 
<ROUTE> 
<NAME>Route1</NAME> 
<IP_ADDRESS>10.10.25.0</IP_ADDRESS> 
<NETMASK>255.255.255.0</NETMASK> 
<GATEWAY>10.10.25.255</GATEWAY> 
</ROUTE> 
<ROUTE> 
<NAME>Route2</NAME> 
... 
<NETMASK>255.255.255.0</NETMASK> 
<GATEWAY>10.10.26.255</GATEWAY> 
</ROUTE> 
</STATIC_ROUTES> 




Delete All VLAN Records 
Use the “set_vlans” parameter and set it to "" (empty string). 


API request (deletes all VLAN records): 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d 
"id=43463&set_vlans=" 
"https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=update" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2014-07-09T08:49:18Z</DATETIME> 
<TEXT>Virtual scanner updated successfully</TEXT> 


Delete All Static Route Records 
Use the “set_routes” parameter and set it to "" (empty string). 


API request (deletes all static route records): 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d 
"id=43463&set_routes=" 
"https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=update" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2014-07-09T08:49:18Z</DATETIME> 
<TEXT>Virtual scanner updated successfully</TEXT> 


Option Profile Export 
/api/2.0/fo/subscription/option_profile/?action=export 
[GET] 


Export one option profile or all option profiles in the subscription to an XML file. Manager 
user role is required. 


Permissions - The API user must have the Manager role. 


Input Parameters 


Parameter                         Description 

action=export                     (Required) 

output_format={XML}               (Optional) XML format is supported. When unspecified, output 
                                  format is XML. 

option_profile_id={value}         (Optional) By default all option profiles will be exported. Specify 
                                  an option profile ID and we'll export the option profile matching 
                                  this ID only. 

option_profile_title={value}      (Optional) By default all option profiles will be exported. Specify 
                                  a title and we'll export the option profile matching this title only 
                                  - exact match is required. 

option_profile_type={value}       (Optional) Option profile group name/type, e.g. user (for user 
                                  defined), compliance (for compliance profile), pci (for PCI 
                                  vulnerabilities profile). 
                                  Note: “option_profile_type” parameter can be specified with 
                                  “option_profile_id” or “option_profile_title”. 

include_system_option_profiles={0|1} 
                                  (Optional) When unspecified or set to 0, system option profiles 
                                  are not included in the output. Specify 1 to include system option 
                                  profiles in the output. 


DTD 
<platform API server>/api/2.0/fo/subscription/option_profile/option_profile_info.dtd 


Sample - Export Option Profiles 
All the option profiles in the user’s account get exported in XML format. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" 
-X GET -d "action=export" 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/" 
XML response: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE OPTION_PROFILES SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd"> 
<OPTION_PROFILES> 
<OPTION_PROFILE> 
<BASIC_INFO> 
<ID>111186</ID> 
<GROUP_NAME><![CDATA[OP-SCAN]]></GROUP_NAME> 
<GROUP_TYPE>user</GROUP_TYPE> 
<USER_ID><![CDATA[John Doe (john_doe)]]></USER_ID> 
<UNIT_ID>0</UNIT_ID> 
<SUBSCRIPTION_ID>44</SUBSCRIPTION_ID> 
<IS_DEFAULT>0</IS_DEFAULT> 
<IS_GLOBAL>1</IS_GLOBAL> 
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE> 
<UPDATE_DATE>N/A</UPDATE_DATE> 
</BASIC_INFO> 
<SCAN> 
<PORTS> 
<TCP_PORTS> 
<TCP_PORTS_TYPE>full</TCP_PORTS_TYPE> 
<THREE_WAY_HANDSHAKE>1</THREE_WAY_HANDSHAKE> 
</TCP_PORTS> 
<UDP_PORTS> 
<UDP_PORTS_TYPE>none</UDP_PORTS_TYPE> 
<UDP_PORTS_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>1-1024,8080,8181</ADDITIONAL_PORTS> 
</UDP_PORTS_ADDITIONAL> 
</UDP_PORTS> 
<AUTHORITATIVE_OPTION>1</AUTHORITATIVE_OPTION> 
</PORTS> 
<SCAN_DEAD_HOSTS>1</SCAN_DEAD_HOSTS> 
<CLOSE_VULNERABILITIES> 
<HAS_CLOSE_VULNERABILITIES>1</HAS_CLOSE_VULNERABILITIES> 
<HOST_NOT_FOUND_ALIVE>7</HOST_NOT_FOUND_ALIVE> 
</CLOSE_VULNERABILITIES> 
<PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED> 
<PERFORMANCE> 
<PARALLEL_SCALING>1</PARALLEL_SCALING> 
<OVERALL_PERFORMANCE>Custom</OVERALL_PERFORMANCE> 
<HOSTS_TO_SCAN> 
<EXTERNAL_SCANNERS>30</EXTERNAL_SCANNERS> 
... 
</HOSTS_TO_SCAN> 
<PROCESSES_TO_RUN> 
<TOTAL_PROCESSES>18</TOTAL_PROCESSES> 
<HTTP_PROCESSES>18</HTTP_PROCESSES> 
</PROCESSES_TO_RUN> 
<PACKET_DELAY>Minimum</PACKET_DELAY> 
... 
</PERFORMANCE> 
<LOAD_BALANCER_DETECTION>1</LOAD_BALANCER_DETECTION> 
<PASSWORD_BRUTE_FORCING> 
<SYSTEM> 
<HAS_SYSTEM>1</HAS_SYSTEM> 
<SYSTEM_LEVEL>Standard</SYSTEM_LEVEL> 
</SYSTEM> 
<CUSTOM_LIST> 
<CUSTOM> 
<ID>3001</ID> 
<TITLE><![CDATA[123]]></TITLE> 
<TYPE>FTP</TYPE> 
<LOGIN_PASSWORD><![CDATA[L:temp, P:123123123]]></LOGIN_PASSWORD> 
</CUSTOM> 
</CUSTOM_LIST> 
</PASSWORD_BRUTE_FORCING> 
<VULNERABILITY_DETECTION> 
<CUSTOM_LIST> 
<CUSTOM> 
<ID>2094</ID> 
<TITLE><![CDATA[Option Profile: ... Options]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>2095</ID> 
<TITLE><![CDATA[Option Profile: ... Options]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>2096</ID> 
<TITLE><![CDATA[Scan Report Template: ... Report]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>5230</ID> 
<TITLE><![CDATA[118960]]></TITLE> 
</CUSTOM> 
... 
<TITLE><![CDATA[Bash Shellshock Detection]]></TITLE> 
... 
<TITLE><![CDATA[Inventory Results v.1]]></TITLE> 
... 
<TITLE><![CDATA[SSL Certificates]]></TITLE> 
... 
</CUSTOM_LIST> 
<DETECTION_INCLUDE> 
<BASIC_HOST_INFO_CHECKS>1</BASIC_HOST_INFO_CHECKS> 
... 
</DETECTION_INCLUDE> 
<DETECTION_EXCLUDE> 
<CUSTOM_LIST> 
<CUSTOM> 
<ID>2099</ID> 
<TITLE><![CDATA[DL]]></TITLE> 
</CUSTOM> 
</CUSTOM_LIST> 
</DETECTION_EXCLUDE> 
</VULNERABILITY_DETECTION> 
<AUTHENTICATION><![CDATA[Windows, Unix, Oracle, Oracle ...]]></AUTHENTICATION> 
... 
<DISSOLVABLE_AGENT> 
... 
<WINDOWS_SHARE_ENUMERATION_ENABLE>1</WINDOWS_SHARE_ENUMERATION_ENABLE> 
</DISSOLVABLE_AGENT> 
<LITE_OS_SCAN>1</LITE_OS_SCAN> 
<CUSTOM_HTTP_HEADER> 
<VALUE>AFCD</VALUE> 
</CUSTOM_HTTP_HEADER> 
<FILE_INTEGRITY_MONITORING> 
<AUTO_UPDATE_EXPECTED_VALUE>1</AUTO_UPDATE_EXPECTED_VALUE> 
</FILE_INTEGRITY_MONITORING> 
<DO_NOT_OVERWRITE_OS>1</DO_NOT_OVERWRITE_OS> 
<SYSTEM_AUTH_RECORD> 
<INCLUDE_SYSTEM_AUTH> 
<ON_DUPLICATE_USE_USER_AUTH>1</ON_DUPLICATE_USE_USER_AUTH> 
</INCLUDE_SYSTEM_AUTH> 
</SYSTEM_AUTH_RECORD> 
</SCAN> 
<MAP> 
<BASIC_INFO_GATHERING_ON>netblockonly</BASIC_INFO_GATHERING_ON> 
<TCP_PORTS> 
<TCP_PORTS_STANDARD_SCAN>1</TCP_PORTS_STANDARD_SCAN> 
<TCP_PORTS_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>1,2,3,80</ADDITIONAL_PORTS> 
</TCP_PORTS_ADDITIONAL> 
</TCP_PORTS> 
<UDP_PORTS> 
<UDP_PORTS_STANDARD_SCAN>1</UDP_PORTS_STANDARD_SCAN> 
<UDP_PORTS_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>4,5,6,8181</ADDITIONAL_PORTS> 
</UDP_PORTS_ADDITIONAL> 
</UDP_PORTS> 
<MAP_OPTIONS> 
<PERFORM_LIVE_HOST_SWEEP>1</PERFORM_LIVE_HOST_SWEEP> 
<DISABLE_DNS_TRAFFIC>1</DISABLE_DNS_TRAFFIC> 
</MAP_OPTIONS> 
<MAP_PERFORMANCE> 
<OVERALL_PERFORMANCE>Custom</OVERALL_PERFORMANCE> 
<MAP_PARALLEL> 
<EXTERNAL_SCANNERS>16</EXTERNAL_SCANNERS> 
<SCANNER_APPLIANCES>14</SCANNER_APPLIANCES> 
<NETBLOCK_SIZE>64</NETBLOCK_SIZE> 
</MAP_PARALLEL> 
<PACKET_DELAY>Maximum</PACKET_DELAY> 
</MAP_PERFORMANCE> 
<MAP_AUTHENTICATION>VMware</MAP_AUTHENTICATION> 
</MAP> 
<ADDITIONAL> 
<HOST_DISCOVERY> 
<TCP_PORTS> 
<STANDARD_SCAN>1</STANDARD_SCAN> 
<TCP_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>1-6,1024</ADDITIONAL_PORTS> 
</TCP_ADDITIONAL> 
</TCP_PORTS> 
<UDP_PORTS> 
<STANDARD_SCAN>1</STANDARD_SCAN> 
</UDP_PORTS> 
<ICMP>1</ICMP> 
</HOST_DISCOVERY> 
<BLOCK_RESOURCES> 
<WATCHGUARD_DEFAULT_BLOCKED_PORTS>1</WATCHGUARD_DEFAULT_BLOCKED_PORTS> 
<ALL_REGISTERED_IPS>1</ALL_REGISTERED_IPS> 
</BLOCK_RESOURCES> 
<PACKET_OPTIONS> 
<IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST> 
<IGNORE_ALL_TCP_RST>1</IGNORE_ALL_TCP_RST> 
<IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK> 
<NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>1</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY> 
</PACKET_OPTIONS> 
</ADDITIONAL> 
</OPTION_PROFILE> 
</OPTION_PROFILES> 



Sample - Export Option Profile with specific title and ID 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" 
-X GET -d "action=export&option_profile_title=OP-COMP&option_profile_id=111235" 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/" 


XML response: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE OPTION_PROFILES SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd"> 
<OPTION_PROFILES> 
<OPTION_PROFILE> 
<BASIC_INFO> 
<ID>111235</ID> 
<GROUP_NAME><![CDATA[OP-COMP]]></GROUP_NAME> 
<GROUP_TYPE>compliance</GROUP_TYPE> 
<USER_ID><![CDATA[John Doe (john_doe)]]></USER_ID> 
<UNIT_ID>0</UNIT_ID> 
<SUBSCRIPTION_ID>44</SUBSCRIPTION_ID> 
<IS_GLOBAL>0</IS_GLOBAL> 
<UPDATE_DATE>N/A</UPDATE_DATE> 
</BASIC_INFO> 
<SCAN> 
<PORTS> 
<TARGETED_SCAN>1</TARGETED_SCAN> 
</PORTS> 
<PERFORMANCE> 
<PARALLEL_SCALING>0</PARALLEL_SCALING> 
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE> 
<HOSTS_TO_SCAN> 
<EXTERNAL_SCANNERS>5</EXTERNAL_SCANNERS> 
<SCANNER_APPLIANCES>30</SCANNER_APPLIANCES> 
</HOSTS_TO_SCAN> 
<PROCESSES_TO_RUN> 
<TOTAL_PROCESSES>10</TOTAL_PROCESSES> 
<HTTP_PROCESSES>10</HTTP_PROCESSES> 
</PROCESSES_TO_RUN> 
<PACKET_DELAY>Short</PACKET_DELAY> 
<PORT_SCANNING_AND_HOST_DISCOVERY>Minimum</PORT_SCANNING_AND_HOST_DISCOVERY> 
</PERFORMANCE> 
<DISSOLVABLE_AGENT> 
<DISSOLVABLE_AGENT_ENABLE>1</DISSOLVABLE_AGENT_ENABLE> 
<PASSWORD_AUDITING_ENABLE> 
<HAS_PASSWORD_AUDITING_ENABLE>1</HAS_PASSWORD_AUDITING_ENABLE> 
<CUSTOM_PASSWORD_DICTIONARY>asdf£</CUSTOM_PASSWORD_DICTIONARY> 
</PASSWORD_AUDITING_ENABLE> 
<WINDOWS_SHARE_ENUMERATION_ENABLE>1</WINDOWS_SHARE_ENUMERATION_ENABLE> 
<WINDOWS_DIRECTORY_SEARCH_ENABLE>1</WINDOWS_DIRECTORY_SEARCH_ENABLE> 
</DISSOLVABLE_AGENT> 
<CONTROL_TYPES> 
<FIM_CONTROLS_ENABLED>1</FIM_CONTROLS_ENABLED> 
<CUSTOM_WMI_QUERY_CHECKS>1</CUSTOM_WMI_QUERY_CHECKS> 
</CONTROL_TYPES> 
<TEST_AUTHENTICATION>1</TEST_AUTHENTICATION> 
<SYSTEM_AUTH_RECORD> 
<INCLUDE_SYSTEM_AUTH> 
<ON_DUPLICATE_USE_USER_AUTH>1</ON_DUPLICATE_USE_USER_AUTH> 
</INCLUDE_SYSTEM_AUTH> 
</SYSTEM_AUTH_RECORD> 
</SCAN> 
<ADDITIONAL> 
<HOST_DISCOVERY> 
<TCP_PORTS> 
<STANDARD_SCAN>1</STANDARD_SCAN> 
</TCP_PORTS> 
<UDP_PORTS> 
<STANDARD_SCAN>1</STANDARD_SCAN> 
</UDP_PORTS> 
<ICMP>1</ICMP> 
</HOST_DISCOVERY> 
<BLOCK_RESOURCES> 
<WATCHGUARD_DEFAULT_BLOCKED_PORTS>1</WATCHGUARD_DEFAULT_BLOCKED_PORTS> 
<ALL_REGISTERED_IPS>1</ALL_REGISTERED_IPS> 
</BLOCK_RESOURCES> 
<PACKET_OPTIONS> 
<IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST> 
<IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK> 
<NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>1</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY> 
</PACKET_OPTIONS> 
</ADDITIONAL> 
</OPTION_PROFILE> 
</OPTION_PROFILES> 


Sample - Export Option Profile of type PCI 
The option profile with PCI type in the user’s account gets exported in XML format. 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" 
-X GET -d "action=export&option_profile_type=pci" 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/" 


XML response: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE OPTION_PROFILES SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd"> 
<OPTION_PROFILES> 
<OPTION_PROFILE> 
<BASIC_INFO> 
<ID>111223</ID> 
<GROUP_NAME><![CDATA[PCI-Example]]></GROUP_NAME> 
<GROUP_TYPE>pci</GROUP_TYPE> 
<USER_ID><![CDATA[John Doe (john_doe)]]></USER_ID> 
<UNIT_ID>0</UNIT_ID> 
<SUBSCRIPTION_ID>44</SUBSCRIPTION_ID> 
<IS_GLOBAL>1</IS_GLOBAL> 
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE> 
<UPDATE_DATE>N/A</UPDATE_DATE> 
</BASIC_INFO> 
<SCAN> 
<SCAN_DEAD_HOSTS>1</SCAN_DEAD_HOSTS> 
<CLOSE_VULNERABILITIES> 
<HAS_CLOSE_VULNERABILITIES>1</HAS_CLOSE_VULNERABILITIES> 
<HOST_NOT_FOUND_ALIVE>4</HOST_NOT_FOUND_ALIVE> 
</CLOSE_VULNERABILITIES> 
<PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED> 
<PERFORMANCE> 
<PARALLEL_SCALING>1</PARALLEL_SCALING> 
<OVERALL_PERFORMANCE>Low</OVERALL_PERFORMANCE> 
<HOSTS_TO_SCAN> 
<EXTERNAL_SCANNERS>5</EXTERNAL_SCANNERS> 
<SCANNER_APPLIANCES>10</SCANNER_APPLIANCES> 
</HOSTS_TO_SCAN> 
<PROCESSES_TO_RUN> 
<TOTAL_PROCESSES>4</TOTAL_PROCESSES> 
<HTTP_PROCESSES>2</HTTP_PROCESSES> 
</PROCESSES_TO_RUN> 
<PACKET_DELAY>Long</PACKET_DELAY> 
<PORT_SCANNING_AND_HOST_DISCOVERY>Minimum</PORT_SCANNING_AND_HOST_DISCOVERY> 
</PERFORMANCE> 
</SCAN> 
<ADDITIONAL> 
<HOST_DISCOVERY> 
<TCP_PORTS> 
<STANDARD_SCAN>1</STANDARD_SCAN> 
<TCP_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>1-6,1024</ADDITIONAL_PORTS> 
</TCP_ADDITIONAL> 
</TCP_PORTS> 
</HOST_DISCOVERY> 
</ADDITIONAL> 
</OPTION_PROFILE> 
</OPTION_PROFILES> 


Sample - Export Options Profile for Database UDC 


Export the Option Profile for MS SQL, Oracle, Sybase, PostgreSQL/Pivotal Greenplum, and 
IBM DB2 with database preference key setting and its corresponding value defined. 


API request: 


curl -u "username:password" -H "X-Requested-With:curl" -H 
"Content-type: text/xml" -X GET -d 
"action=export&option_profile_id=1710150" 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE OPTION_PROFILES SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd"> 
<OPTION_PROFILES> 
<OPTION_PROFILE> 
... 
</POLICY> 
</SCAN_BY_POLICY> 
</SCAN_RESTRICTION> 
<DATABASE_PREFERENCE_KEY> 
<MSSQL> 
<DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION> 
<DB_UDC_LIMIT>250</DB_UDC_LIMIT> 
</MSSQL> 
<ORACLE> 
<DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION> 
<DB_UDC_LIMIT>10</DB_UDC_LIMIT> 
</ORACLE> 
<SYBASE> 
<DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION> 
<DB_UDC_LIMIT>60</DB_UDC_LIMIT> 
</SYBASE> 
<POSTGRESQL> 
<DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION> 
<DB_UDC_LIMIT>2500</DB_UDC_LIMIT> 
</POSTGRESQL> 
<DB2> 
<DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION> 
<DB_UDC_LIMIT>350</DB_UDC_LIMIT> 
</DB2> 
</DATABASE_PREFERENCE_KEY> 
<FILE_INTEGRITY_MONITORING> 
<AUTO_UPDATE_EXPECTED_VALUE>0</AUTO_UPDATE_EXPECTED_VALUE> 
</FILE_INTEGRITY_MONITORING> 


</OPTION_PROFILE> 
</OPTION_PROFILES> 


Option Profile Import 
/api/2.0/fo/subscription/option_profile/?action=import 
[POST] 

Import all option profiles defined in input XML file. 
Permissions - The API user must have the Manager role. 


When calling the Import Option Profile API the user needs to pass the proper XML with 
Content-Type XML. This will create option profiles in that user’s subscription. All 
validations are applied as in the Qualys portal UI while creating option profiles using the 
Import Option Profile API. 


Validations and Constraints: 
1) The Option Profile DTD is used to validate a generated/exported Option Profile XML file. 


2) An XSD file is used to validate a proper format and required elements of the option 
profile XML file when importing this file. 


3) While importing, any Search Lists defined for Vulnerability Detection, Custom and/or 
Excluded Lists, must be created in the user’s subscription before making an Import Option 
Profile call. At import time we try to match the Search List “title” to a search list title in the 
user's subscription. If a match is found the search list is used, otherwise “Complete” 
Vulnerability Detection is assigned. 


4) Password Brute Force Lists are not imported and are always left empty, 
regardless of Option Profile XML content. 


5) Policies defined for the PC Scan Restriction feature are not imported and are left 
empty, regardless of Option Profile XML content. 
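A pre-import check for constraints 3 to 5, as an added example that is not part of the Qualys guide: it reads an exported option profile file and reports, per profile, which search list titles are missing from the target subscription and which brute force lists and scan restriction policies will not carry over. The function name import_precheck, the exact-match comparison of titles and the sample XML are assumptions; element names are taken from the export samples in this guide.

```python
"""Report what an option profile import will drop or replace, before calling the API."""
import xml.etree.ElementTree as ET

# Constructed sample shaped like the guide's export output (IDs and titles are made up).
SAMPLE_EXPORT = b"""<?xml version="1.0" encoding="UTF-8" ?>
<OPTION_PROFILES>
<OPTION_PROFILE>
<BASIC_INFO><ID>1</ID><GROUP_NAME><![CDATA[OP-SCAN]]></GROUP_NAME></BASIC_INFO>
<SCAN>
<PASSWORD_BRUTE_FORCING>
<CUSTOM_LIST>
<CUSTOM><ID>3001</ID><TITLE><![CDATA[ftp-list]]></TITLE><TYPE>FTP</TYPE>
<LOGIN_PASSWORD><![CDATA[L:example, P:example]]></LOGIN_PASSWORD></CUSTOM>
</CUSTOM_LIST>
</PASSWORD_BRUTE_FORCING>
<VULNERABILITY_DETECTION>
<CUSTOM_LIST>
<CUSTOM><ID>10</ID><TITLE><![CDATA[Bash Shellshock Detection]]></TITLE></CUSTOM>
<CUSTOM><ID>11</ID><TITLE><![CDATA[Heartbleed Detection]]></TITLE></CUSTOM>
</CUSTOM_LIST>
<DETECTION_EXCLUDE>
<CUSTOM_LIST>
<CUSTOM><ID>12</ID><TITLE><![CDATA[DL]]></TITLE></CUSTOM>
</CUSTOM_LIST>
</DETECTION_EXCLUDE>
</VULNERABILITY_DETECTION>
</SCAN>
</OPTION_PROFILE>
<OPTION_PROFILE>
<BASIC_INFO><ID>2</ID><GROUP_NAME><![CDATA[OP-COMP]]></GROUP_NAME></BASIC_INFO>
<SCAN>
<SCAN_RESTRICTION><SCAN_BY_POLICY><POLICY><ID>77</ID></POLICY></SCAN_BY_POLICY></SCAN_RESTRICTION>
</SCAN>
</OPTION_PROFILE>
</OPTION_PROFILES>"""


def _titles(parent, path):
    """Text of every TITLE element under `path`, stripped of surrounding whitespace."""
    return [(t.text or "").strip() for t in parent.findall(path)]


def import_precheck(xml_bytes, existing_search_lists):
    """Return one finding dict per OPTION_PROFILE in an exported file.

    existing_search_lists: titles of the search lists already present in the
    subscription that will receive the import.
    """
    existing = set(existing_search_lists)
    findings = []
    for profile in ET.fromstring(xml_bytes).iter("OPTION_PROFILE"):
        wanted = []
        for vd in profile.iter("VULNERABILITY_DETECTION"):
            wanted += _titles(vd, "CUSTOM_LIST/CUSTOM/TITLE")                    # custom lists
            wanted += _titles(vd, "DETECTION_EXCLUDE/CUSTOM_LIST/CUSTOM/TITLE")  # excluded lists
        brute = [c for b in profile.iter("PASSWORD_BRUTE_FORCING") for c in b.iter("CUSTOM")]
        policies = [p for r in profile.iter("SCAN_RESTRICTION") for p in r.iter("POLICY")]
        findings.append({
            "profile": (profile.findtext("BASIC_INFO/GROUP_NAME") or "").strip(),
            # Constraint 3: an unmatched title means "Complete" detection is assigned instead.
            "missing_search_lists": sorted(set(wanted) - existing),
            # Constraint 4: brute force lists are never imported.
            "brute_force_lists_not_imported": len(brute),
            # The export file still carries these values, so treat the file as sensitive.
            "login_password_entries": sum(1 for c in brute if c.find("LOGIN_PASSWORD") is not None),
            # Constraint 5: PC scan restriction policies are never imported.
            "policies_not_imported": len(policies),
        })
    return findings


if __name__ == "__main__":
    for finding in import_precheck(SAMPLE_EXPORT, ["Bash Shellshock Detection", "DL"]):
        print(finding)
```

A non-empty missing_search_lists means the imported profile would scan with a broader detection scope than the exported one, so create those search lists first.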
Input Parameter 


Parameter                         Description 

action=import                     (Required) 


Sample - Import option profiles in the input file into the user's account 

API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -H 
"content-type: text/xml" -X POST --data-binary @Export_OP.xml 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/?action=import" 


Note: “Export_OP.xml” contains the request POST data. 
Request POST data: 


<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE OPTION_PROFILES SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd"> 
<OPTION_PROFILES> 
<OPTION_PROFILE> 
<BASIC_INFO> 
<ID>11123</ID> 
<GROUP_NAME><![CDATA[OP-SCAN]]></GROUP_NAME> 
<GROUP_TYPE>user</GROUP_TYPE> 
<USER_ID><![CDATA[John Doe (john_doe)]]></USER_ID> 
<UNIT_ID>0</UNIT_ID> 
<SUBSCRIPTION_ID>76084</SUBSCRIPTION_ID> 
<IS_DEFAULT>0</IS_DEFAULT> 
<IS_GLOBAL>1</IS_GLOBAL> 
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE> 
<UPDATE_DATE>N/A</UPDATE_DATE> 
</BASIC_INFO> 
<SCAN> 
<PORTS> 
<TCP_PORTS> 
<TCP_PORTS_TYPE>full</TCP_PORTS_TYPE> 
<THREE_WAY_HANDSHAKE>1</THREE_WAY_HANDSHAKE> 
</TCP_PORTS> 
<UDP_PORTS> 
<UDP_PORTS_TYPE>none</UDP_PORTS_TYPE> 
<UDP_PORTS_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>1-1024,8080,8181</ADDITIONAL_PORTS> 
</UDP_PORTS_ADDITIONAL> 
... 
<TITLE><![CDATA[123]]></TITLE> 
... 
<LOGIN_PASSWORD><![CDATA[L:temp, P:123123123]]></LOGIN_PASSWORD> 
... 
<CUSTOM> 
<ID>2095</ID> 
<TITLE><![CDATA[Option Profile: 2008 SANS20 Options]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>2096</ID> 
<TITLE><![CDATA[Scan Report Template: High Severity Report]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>5230</ID> 
<TITLE><![CDATA[118960]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>87936</ID> 
<TITLE><![CDATA[Bash Shellshock Detection]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>87937</ID> 
<TITLE><![CDATA[Heartbleed Detection]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>87938</ID> 
<TITLE><![CDATA[Windows Authentication Results v.1]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>87939</ID> 
<TITLE><![CDATA[Unix Authentication Results v.1]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>87940</ID> 
<TITLE><![CDATA[Inventory Results v.1]]></TITLE> 
</CUSTOM> 
<CUSTOM> 
<ID>87941</ID> 
<TITLE><![CDATA[SSL Certificates]]></TITLE> 
</CUSTOM> 
</CUSTOM_LIST> 
<DETECTION_INCLUDE> 
<BASIC_HOST_INFO_CHECKS>1</BASIC_HOST_INFO_CHECKS> 
<OVAL_CHECKS>1</OVAL_CHECKS> 
</DETECTION_INCLUDE> 
<DETECTION_EXCLUDE> 
<CUSTOM_LIST> 
<CUSTOM> 
<ID>2099</ID> 
<TITLE><![CDATA[DL]]></TITLE> 
</CUSTOM> 
</CUSTOM_LIST> 
</DETECTION_EXCLUDE> 
</VULNERABILITY_DETECTION> 
<AUTHENTICATION><![CDATA[Windows, Unix, Oracle, Oracle Listener, SNMP, VMware, DB2, HTTP, MySQL, Sybase]]></AUTHENTICATION> 
<ADDL_CERT_DETECTION>1</ADDL_CERT_DETECTION> 
<DISSOLVABLE_AGENT> 
<DISSOLVABLE_AGENT_ENABLE>1</DISSOLVABLE_AGENT_ENABLE> 
<WINDOWS_SHARE_ENUMERATION_ENABLE>1</WINDOWS_SHARE_ENUMERATION_ENABLE> 
</DISSOLVABLE_AGENT> 
<LITE_OS_SCAN>1</LITE_OS_SCAN> 
<CUSTOM_HTTP_HEADER> 
<VALUE>AFCD</VALUE> 
</CUSTOM_HTTP_HEADER> 
<FILE_INTEGRITY_MONITORING> 
<AUTO_UPDATE_EXPECTED_VALUE>1</AUTO_UPDATE_EXPECTED_VALUE> 
</FILE_INTEGRITY_MONITORING> 
<DO_NOT_OVERWRITE_OS>1</DO_NOT_OVERWRITE_OS> 
<SYSTEM_AUTH_RECORD> 
<INCLUDE_SYSTEM_AUTH> 
<ON_DUPLICATE_USE_USER_AUTH>1</ON_DUPLICATE_USE_USER_AUTH> 
</INCLUDE_SYSTEM_AUTH> 
</SYSTEM_AUTH_RECORD> 
</SCAN> 
<MAP> 
<BASIC_INFO_GATHERING_ON>netblockonly</BASIC_INFO_GATHERING_ON> 
<TCP_PORTS> 
<TCP_PORTS_STANDARD_SCAN>1</TCP_PORTS_STANDARD_SCAN> 
<TCP_PORTS_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>1,2,3,80</ADDITIONAL_PORTS> 
</TCP_PORTS_ADDITIONAL> 
</TCP_PORTS> 
<UDP_PORTS> 
<UDP_PORTS_STANDARD_SCAN>1</UDP_PORTS_STANDARD_SCAN> 
<UDP_PORTS_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>4,5,6,8181</ADDITIONAL_PORTS> 
</UDP_PORTS_ADDITIONAL> 
</UDP_PORTS> 
<MAP_OPTIONS> 
<PERFORM_LIVE_HOST_SWEEP>1</PERFORM_LIVE_HOST_SWEEP> 
<DISABLE_DNS_TRAFFIC>1</DISABLE_DNS_TRAFFIC> 
</MAP_OPTIONS> 
<MAP_PERFORMANCE> 
<OVERALL_PERFORMANCE>Custom</OVERALL_PERFORMANCE> 
<MAP_PARALLEL> 
<EXTERNAL_SCANNERS>16</EXTERNAL_SCANNERS> 
<SCANNER_APPLIANCES>14</SCANNER_APPLIANCES> 
<NETBLOCK_SIZE>64</NETBLOCK_SIZE> 
</MAP_PARALLEL> 
<PACKET_DELAY>Medium</PACKET_DELAY> 
</MAP_PERFORMANCE> 
<MAP_AUTHENTICATION>VMware</MAP_AUTHENTICATION> 
</MAP> 
<ADDITIONAL> 
<HOST_DISCOVERY> 
<TCP_PORTS> 
<STANDARD_SCAN>1</STANDARD_SCAN> 
<TCP_ADDITIONAL> 
<HAS_ADDITIONAL>1</HAS_ADDITIONAL> 
<ADDITIONAL_PORTS>1-6,1024</ADDITIONAL_PORTS> 
</TCP_ADDITIONAL> 
</TCP_PORTS> 
<UDP_PORTS> 
<STANDARD_SCAN>1</STANDARD_SCAN> 
</UDP_PORTS> 
<ICMP>1</ICMP> 
</HOST_DISCOVERY> 
<BLOCK_RESOURCES> 
<WATCHGUARD_DEFAULT_BLOCKED_PORTS>1</WATCHGUARD_DEFAULT_BLOCKED_PORTS> 
<ALL_REGISTERED_IPS>1</ALL_REGISTERED_IPS> 
</BLOCK_RESOURCES> 
<PACKET_OPTIONS> 
<IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST> 
<IGNORE_ALL_TCP_RST>1</IGNORE_ALL_TCP_RST> 
<IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK> 
<NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>1</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY> 
</PACKET_OPTIONS> 
</ADDITIONAL> 
</OPTION_PROFILE> 
</OPTION_PROFILES> 

XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2017-04-03T11:17:43Z</DATETIME> 
<TEXT>Successfully imported Option profile for the subscription 
Id 76084</TEXT> 
<ITEM_LIST> 
<ITEM> 
<KEY>111234</KEY> 
<VALUE>PCI-John</VALUE> 
</ITEM> 
</ITEM_LIST> 
</RESPONSE> 
</SIMPLE_RETURN> 


Option Profiles for VM 
/api/2.0/fo/subscription/option_profile/vm/ 


Create, update, list and delete option profiles for VM scans. 


Permissions - All users will be able to list option profiles. A Manager will be able to create, 
update, and delete option profiles in the subscription, and a Unit Manager will be able to 
create, update, and delete option profiles for users in their business unit. 


Create VM Option Profile 
/api/2.0/fo/subscription/option_profile/vm/?action=create 
[POST] 


Input Parameters 


Parameter Description

action=create (Required)

title={value} (Required) A title for easy identification.

owner={value} (Optional) The owner of the option profile(s), or the user who
created the option profile.

default={0|1} (Optional) Make this profile the default for all scans and maps.
Specify 1 to make default. There can only be one default profile
for the subscription.

global={0|1} (Optional) Share this profile with other users by making it global.
Are you a Manager? This profile will be available to all users.
Are you a Unit Manager? This profile will be available to all users
in your business unit.
Specify 1 to make global.

offline_scanner={0|1} (Optional) Specify 1 to download this profile to your offline
scanners during the next sync.

scan_tcp_ports={none|full|standard|light} (Required) We use ports to send packets
to the host in order to determine whether the host is alive and also to do
fingerprinting for the discovery of services. Specify “full” to scan all ports,
“standard” to scan standard ports or “light” to scan fewer ports.
See Appendix B - Ports used for scanning for a list of ports
used for standard or light scan. We will scan the standard list of
ports unless you choose a different option in the profile.

scan_tcp_ports_additional={port1,port2} (Optional) Specify additional ports to scan
(up to 12500 ports).

3_way_handshake={0|1} (Optional) Specify 1 to let the scanning engine perform a 3-way
handshake with target hosts. After a connection between the
service and the target host is established, the connection will be
closed. This option should be enabled only if you have a
configuration that does not allow a SYN packet to be followed
by an RST packet. Also, when this is enabled, TCP based OS
detection is not performed on target hosts. Without TCP based
OS detection, the service may not be able to identify the
operating system installed on target hosts and perform
OS-specific vulnerability checks.

Scan

scan_udp_ports={none|full|standard|light} (Required) Specify “full” to scan all ports,
“standard” to scan standard ports or “light” to scan fewer ports. See Appendix B -
Ports used for scanning for a list of UDP ports used for standard
or light scan. We will scan the standard list of ports unless you
choose a different option in the profile.

vulnerability_detection={complete|custom|runtime} (Required) With a "complete" scan
we'll scan for all vulnerabilities (QIDs) in the KnowledgeBase applicable to each
host being scanned. Specify "custom" to limit the scan to
specified QIDs only. Then add the QIDs you want to scan. Specify
"runtime" to scan QIDs at runtime.

scan_udp_ports_additional={port1,port2} (Optional) Specify additional ports to scan
(up to 20500 ports).

authoritative_option={0|1} (Optional) Specify 1 to enable Authoritative Scan Option. By
enabling the authoritative scan option your light scan will work
like a full or standard scan. We will update the vulnerability
status for all vulnerabilities found, regardless of which ports they
were detected on.

scan_dead_hosts={0|1} (Optional) Specify 1 to enable scanning dead hosts. A dead host is
a host that is unreachable - it didn't respond to any pings. Your
scan may run longer if you choose to scan dead hosts.

close_vuln_on_dead_hosts={0|1} (Optional) Specify 1 to quickly close vulnerabilities
for hosts that are not found alive after a set number of scans. When enabled,
we'll mark existing tickets associated with dead hosts as
Closed/Fixed and update the vulnerability status to Fixed.

not_found_alive_times={value} (Optional) Specify the number of times the host is not
found alive after which the vulnerability should be closed. This setting is
available only when close_vuln_on_dead_hosts=1.

purge_host_data={0|1} (Optional) Specify 1 to purge host data. This option is especially
useful if you have systems that are regularly decommissioned or
replaced. By specifying this option you're telling us you want to
purge the host if we detect a change in the host's Operating
System (OS) vendor at scan time, for example the OS changed
from Linux to Windows or Debian to Ubuntu. We will not purge
the host for an OS version change like Linux 2.8.13 to Linux 2.9.4.

external_scanners_use={value} (Optional) Specify the maximum number of external
scanners to use for scanning perimeter assets. (This option is available when
your subscription is configured with multiple external scanners).

scan_parallel_scaling={0|1} (Optional) Specify 1 to enable parallel scaling. This
setting can be useful in subscriptions which have physical and virtual scanner
appliances with different performance characteristics (e.g., CPU, RAM).
Specify this option to dynamically scale up the number of hosts
to scan in parallel (at scan time) to a calculated value which is
based upon the computing resources available on each
appliance. Note that the number of hosts to scan in parallel
value determines how many hosts each appliance will target
concurrently, not how many appliances will be used for the scan.

scan_overall_performance={high|normal|low|custom} (Optional) The profile “normal” is
recommended in most cases. The settings for scan_external_scanners,
scan_scanner_appliances, scan_total_process,
scan_http_process, scan_packet_delay, and scan_intensity
change as per the specified profile.
Normal - Well balanced between intensity and speed.
High - Recommended only when scanning a single IP or a small
number of IPs. Optimized for speed and shorter scan times.
Low - Recommended if responsiveness for individual hosts and
services is low. Optimized for low bandwidth network
connections and highly utilized networks. May take longer to
complete.

scan_external_scanners={value} (Optional) Specify the number of external scanners to
be used for associated scans. This setting is available only if you have
multiple external scanners in your subscription. For example, if
you have 10 external scanners in your subscription, you can
configure this setting to any number between 1 to 10.

scan_scanner_appliances={value} (Optional) Specify the number of scanner appliances
to scan at the same time (per scan task). Launching several concurrent
scans on the same scanner appliance has a multiplying effect on
bandwidth usage and may exceed available scanner resources.
Don't have scanner appliances? Disregard the Scanner Appliance
setting.

scan_total_process={value} (Optional) Specify the maximum number of processes to run at
the same time per host. Note that the total number of processes
includes the HTTP processes.

scan_http_process={value} (Optional) Specify the maximum number of HTTP processes to
run at the same time.

scan_packet_delay={minimum|short|medium|long|maximum} (Optional) Specify the delay
between groups of packets sent to each host during a scan. With a short delay,
packets are sent more frequently. With a long delay, packets are sent less
frequently.

scan_intensity={normal|medium|low|minimum} (Optional) This setting determines the
aggressiveness (parallelism) of port scanning and host discovery at the port
level. Lowering the intensity level has the effect of serializing
port scanning and host discovery. This is useful for certain
network conditions like cascading firewalls and lower scan
prioritization on the network. Tip - If you are scanning through a
firewall we recommend you reduce the intensity level.
Unauthenticated scans see more of a performance difference
using this option.

load_balancer={0|1} (Optional) Specify 1 to check each target host to determine if it's
a load balancer. When a load balancer is detected, we determine
the number of Web servers behind it and report QID 86189
"Presence of a Load-Balancing Device Detected" in your results.

password_brute_forcing_system={minimal|limited|standard|exhaustive} (Optional) How
vulnerable are your hosts to password-cracking techniques? We'll attempt to guess
the password for each detected login ID on each target host scanned. Specify the
level of brute forcing you prefer (“minimal” to “exhaustive”).

password_brute_forcing_custom={value1,value2} (Optional) Specify titles of the
login/password pairs you create for password brute forcing on the Qualys Cloud
Platform UI.

custom_search_list_ids={value1,value2} (Optional) Specify ids of search lists you
want to use in your scan.

custom_search_list_title={value1,value2} (Optional) Specify titles of search lists
you want to use in your scan.

basic_host_information_checks={0|1} (Optional) Adds basic host information checks
(hostname, OS, etc) to your Custom scans. These are already included in
Complete scans. This setting is enabled by default.

oval_checks={0|1} (Optional) Specify 1 to add a search list with QID 105186 (a
diagnostic check for OVAL).

all_qrdi_checks={0|1} (Optional) Specify 1 to scan target assets for all QRDI
vulnerabilities in your subscription, i.e. all custom vulnerability
checks defined with QRDI (Qualys Remote Detection Interface).

exclude_search_list_ids={value1,value2} (Optional) Specify ids of search lists you
want to exclude from your scan.

authentication={value1,value2} (Optional) Want to run authenticated scans? When you
use authentication we'll perform a more in-depth assessment and
get you the most accurate results with fewer false positives.
Specify one or more technologies for the hosts you want to scan.
Be sure you've configured authentication records (under Scans >
Authentication) before running your scan.
The following options are available:
- Windows
- Unix
- Oracle
- Oracle Listener
- SNMP
- VMware
- DB2
- HTTP
- MySQL
- MongoDB
- Tomcat Server
- Palo Alto Networks Firewall
- Sybase

enable_additional_certificate_detection={0|1} (Optional) Want to detect additional
certificates beyond ports? You need to enable authentication and then run new
vulnerability scans. Specify 1 to enable this option before
scanning and see additional certificate records (under Assets >
Certificates).

enable_dissolvable_agent={0|1} (Optional) Specify 1 to enable dissolvable agent. This
is required for certain scan features like Windows Share Enumeration. How
does it work? At scan time the Agent is installed on Windows
devices to collect data, and once the scan is complete it removes
itself completely from target systems.

enable_windows_share_enumeration={0|1} (Optional) Specify 1 to use Windows Share
Enumeration to find and report details about Windows shares that are readable by
everyone. This test is performed using QID 90635. Make sure 1)
the Dissolvable Agent is enabled, 2) QID 90635 is included in the
Vulnerability Detection section, and 3) a Windows authentication
record is defined.

enable_lite_os_scan={0|1} (Optional) Only interested in OS detection? Specify 1 to
include QID 45017 in the scan (under Vulnerability Detection).

custom_http_header={value} (Optional) Specify a custom value in order to drop
defenses (such as logging, IPs, etc) when authorized scans are being run.

custom_http_definition_key={value} (Optional) Specify a custom HTTP header definition
key.

custom_http_definition_header={value} (Optional) Specify a value for the custom HTTP
header definition key defined in custom_http_definition_key.

host_alive_testing={0|1} (Optional) Specify 1 to run a quick scan to determine which of
your target hosts are alive without also performing other scan
tests. The Appendix section of your Scan Results report will list
the hosts that are alive and hosts that are not alive. You may see
some Information Gathered QIDs in the results for hosts found
alive.

not_overwrite_os={0|1} (Optional) Specify 1 if you're running a light or custom scan
and you don't want to overwrite the OS detected by a previous scan.

test_authentication={0|1} (Optional) Specify 1 to test authentication to target hosts.

System Authentication

include_system_auth={0|1} (Optional to create or update option profile record,
applicable for subscriptions with both PC and VM/VMDR) Specify
include_system_auth=1 to include system created
authentication records in scans along with user created records.
When include_system_auth=1, one of these parameters should
be enabled: use_system_auth_on_duplicate or
use_user_auth_on_duplicate. This identifies which record to use
if you have a system created record and a user created record for
the same instance configuration. When include_system_auth=0,
the user created record will be selected for scans by default.

use_system_auth_on_duplicate={0|1} (Optional to create or update option profile
record, applicable for subscriptions with both PC and VM/VMDR) Specify
use_system_auth_on_duplicate=1 to use the system created
authentication record if you have a system record and user
record for the same instance configuration.
The parameters use_system_auth_on_duplicate and
use_user_auth_on_duplicate are mutually exclusive, and can
only be specified if “include_system_auth=1”.

use_user_auth_on_duplicate={0|1} (Optional to create or update option profile
record, applicable for subscriptions with both PC and VM/VMDR) Specify
use_user_auth_on_duplicate=1 to use the user created
authentication record if you have a system record and user
record for the same instance.
The parameters use_system_auth_on_duplicate and
use_user_auth_on_duplicate are mutually exclusive, and can
only be specified if “include_system_auth=1”.

Map

basic_information_gathering={all|register|netblockonly|none} (Required) Perform basic
information gathering on:
All: All Hosts (hosts detected by the map),
Register: Registered Hosts (hosts in your account),
Netblockonly: Netblock Hosts (hosts added by a user to the
netblock for the target domain) or None.

map_tcp_ports_standard_scan={0|1} (Optional) Specify 1 to enable standard scan of TCP
ports. Standard Scan includes 13 ports: 21-23, 25, 53, 80, 88, 110-111,
135, 139, 443, 445.

map_tcp_ports_additional={value1,value2} (Optional) Specify additional TCP ports to
scan. You can specify up to 20 ports including the standard scan ports.

map_udp_ports_standard_scan={0|1} (Optional) Specify 1 to enable standard scan of UDP
ports. Standard Scan includes 6 ports: 53, 111, 135, 137, 161, 500.

map_udp_ports_additional={value1,value2} (Optional) Specify additional UDP ports to
scan. You can specify up to 10 ports including the standard scan ports.

perform_live_host_sweep={0|1} (Optional) Default setting is 1. Specify 0 to only
discover devices using DNS discovery methods (DNS, Reverse DNS and DNS Zone
Transfer.) Active probes will not be sent. As a result, we may not
be able to detect all hosts in the netblock, and undetected hosts
will not be analyzed.

disable_dns_traffic={0|1} (Optional) Specify 1 if you want to disable DNS traffic for
maps. This is valid only when the target domain name includes one or
more netblocks, e.g. none:[10.10.10.2-10.10.10.100].
We'll perform network discovery only for the IP addresses in the
netblocks. No forward or reverse DNS lookups, DNS zone
transfers or DNS guessing/bruteforcing will be made, and DNS
information will not be included in map results.

map_overall_performance={high|normal|low|custom} (Optional) The profile “normal” is
recommended in most cases. The settings for map_external_scanners,
map_scanner_appliances, map_netblock_size, and
map_packet_delay change as per the specified profile.
Normal - Well balanced between intensity and speed.
High - Optimized for speed. May be faster to complete but may
overload firewalls and other networking devices.
Low - Optimized for low bandwidth network connections. May
take longer to complete.

map_external_scanners={value} (Optional) Specify the number of external scanners for
netblocks to map at the same time per scanner. This setting is available
only if you have multiple external scanners in your subscription.
For example, if you have 10 external scanners in your
subscription, you can configure this setting to any number
between 1 to 10.

map_scanner_appliances={value} (Optional) Specify the number of scanner appliances for
netblocks to map at the same time per scanner. Launching
several concurrent scans on the same scanner appliance has a
multiplying effect on bandwidth usage and may exceed available
scanner resources. Don't have scanner appliances? Disregard the
Scanner Appliance setting.

map_netblock_size={1024 IPs|4096 IPs|8192 IPs|16384 IPs|32768 IPs|65536 IPs}
(Optional) Specify the max number of IPs per netblock being
mapped. The netblock specified for the domain is broken into
smaller netblocks for processing. Each of these smaller netblocks
equals a single map process. Use this setting to define how many
IPs should be included in each process.

map_packet_delay={minimum|short|medium|long|maximum} (Optional) This is the delay
between groups of packets sent to the netblocks being mapped. With a short delay,
packets are sent more frequently, resulting in more bandwidth utilization and a
shorter mapping time. With a long delay, packets are sent less
frequently, resulting in less bandwidth utilization and a longer
mapping time.

map_authentication={VMware} (Optional) Authentication enables the scanner to log into
hosts at scan time to extend detection capabilities. See the online help
to learn how to configure this option.

Additional

additional_tcp_ports={0|1} (Optional) Specify 1 to enable host discovery on additional
TCP ports. Default setting is 1.

additional_tcp_ports_standard_scan={0|1} (Optional) Specify 1 to enable standard scan
of additional TCP ports. Standard Scan includes 13 ports: 21-23, 25, 53, 80, 88,
110-111, 135, 139, 443, 445. Default setting is 1.

additional_tcp_ports_additional={value1,value2} (Optional) Specify additional TCP
ports to scan. You can specify up to 20 ports including the standard scan ports.

additional_udp_ports={0|1} (Optional) Specify 1 to enable host discovery on additional
UDP ports. Default setting is 1.

additional_udp_ports_type={standard|custom} (Optional) Specify “standard” to enable
standard scan of additional UDP ports. Standard Scan includes 6 ports: 53, 111,
135, 137, 161, 500. Default is “standard”.
Specify “custom” to provide a custom list of ports using
additional_udp_ports_custom.

additional_udp_ports_custom={value1,value2} (Optional) Specify additional UDP ports to
scan. You can specify up to 10 ports including the standard scan ports.

icmp={0|1} (Optional) Specify 1 to only discover live hosts that respond to an
ICMP ping. Default setting is 1.

blocked_resources={0|1} (Optional) Specify 1 in order to add ports protected by your
firewall/IDS to prevent them from being scanned.

protected_ports={default|custom} (Optional) Ports protected by your firewall/IDS.
Specify “default” to provide a list of default blocked ports: 0-1, 111, 513-514, 2049,
4100, 6000-6005, 7100, 8000. Default setting is “default”.
Specify “custom” to provide a custom list of protected ports using
protected_ports_custom.

protected_ports_custom={value1,value2} (Optional) Specify a custom list of protected
ports.

protected_ips={all|custom} (Optional) IP addresses and ranges protected by your
firewall/IDS. Default is “all”.

protected_ips_custom={value1,value2} (Optional) Specify a custom list of IP addresses
and ranges protected by your firewall/IDS.

ignore_firewall_generated_tcp_rst_packets={0|1} (Optional) Specify 1 to identify
firewall-generated TCP RESET packets and ignore them.

ignore_all_tcp_rst_packets={0|1} (Optional) Specify 1 to ignore all TCP RESET packets -
firewall-generated and live-host-generated.

ignore_firewall_generated_tcp_syn_ack_packets={0|1} (Optional) Specify 1 to determine
if TCP SYN-ACK packets are generated by a filtering device and ignore packets that
appear to originate from such devices.

not_send_tcp_ack_or_syn_ack_packets_during_host_discovery={0|1} (Optional) Specify 1
if you do not want to send TCP ACK or SYN-ACK packets. Out of state TCP packets are
not SYN packets and do not belong to an existing TCP session.



API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d \
"action=create&title=99&global=1&scan_tcp_ports=full&scan_udp_ports=standard&scan_overall_performance=normal&vulnerability_detection=complete&basic_information_gathering=all" \
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/vm/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-26T06:40:03Z</DATETIME>
<TEXT>Option profile successfully added.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>32112</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
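
The rules stated in the parameter table (required parameters, allowed values, port-count limits and dependencies between parameters) can be checked on the client before a create request is sent. The following is an added example, not Qualys code: the function names, the port-range syntax and the sample response are assumptions made for illustration, and nothing is sent over the network.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

# Allowed values and limits copied from the Create VM Option Profile table.
ENUMS = {
    "scan_tcp_ports": {"none", "full", "standard", "light"},
    "scan_udp_ports": {"none", "full", "standard", "light"},
    "vulnerability_detection": {"complete", "custom", "runtime"},
    "basic_information_gathering": {"all", "register", "netblockonly", "none"},
    "scan_overall_performance": {"high", "normal", "low", "custom"},
    "scan_packet_delay": {"minimum", "short", "medium", "long", "maximum"},
    "scan_intensity": {"normal", "medium", "low", "minimum"},
    "password_brute_forcing_system": {"minimal", "limited", "standard", "exhaustive"},
}
REQUIRED = ("title", "scan_tcp_ports", "scan_udp_ports",
            "vulnerability_detection", "basic_information_gathering")
PORT_LIMITS = {"scan_tcp_ports_additional": 12500, "scan_udp_ports_additional": 20500}
DUP_FLAGS = ("use_system_auth_on_duplicate", "use_user_auth_on_duplicate")


def count_ports(spec):
    """Count ports in a list such as "1-6,1024". Range syntax is an assumption
    based on the ADDITIONAL_PORTS value in the sample XML."""
    total = 0
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {part!r}")
        total += hi - lo + 1
    return total


def validate(params):
    """Return a list of problems; an empty list means the parameters are
    consistent with the rules stated in the table."""
    p = {k: str(v) for k, v in params.items()}
    errors = [f"missing required parameter: {k}" for k in REQUIRED if k not in p]
    for key, allowed in ENUMS.items():
        if key in p and p[key] not in allowed:
            errors.append(f"{key}={p[key]!r} not in {sorted(allowed)}")
    for key, limit in PORT_LIMITS.items():
        if key not in p:
            continue
        try:
            if count_ports(p[key]) > limit:
                errors.append(f"{key}: more than {limit} ports")
        except ValueError as exc:
            errors.append(f"{key}: {exc}")
    if "not_found_alive_times" in p and p.get("close_vuln_on_dead_hosts") != "1":
        errors.append("not_found_alive_times requires close_vuln_on_dead_hosts=1")
    given = [k for k in DUP_FLAGS if k in p]
    enabled = [k for k in DUP_FLAGS if p.get(k) == "1"]
    include = p.get("include_system_auth") == "1"
    if given and not include:
        errors.append(f"{given[0]} requires include_system_auth=1")
    if len(enabled) == 2:
        errors.append("use_system_auth_on_duplicate and "
                      "use_user_auth_on_duplicate are mutually exclusive")
    if include and not enabled:
        errors.append("include_system_auth=1 needs one *_on_duplicate flag set to 1")
    if (p.get("enable_windows_share_enumeration") == "1"
            and p.get("enable_dissolvable_agent") != "1"):
        errors.append("Windows share enumeration needs enable_dissolvable_agent=1")
    return errors


def build_body(params):
    """URL-encode a create request body, refusing inconsistent input."""
    errors = validate(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode({"action": "create", **params})


def parse_simple_return(xml_text):
    """Return (TEXT, {KEY: VALUE}) from a SIMPLE_RETURN response. The stdlib
    parser does not fetch the external DTD named in the DOCTYPE."""
    response = ET.fromstring(xml_text).find("RESPONSE")
    items = {i.findtext("KEY"): i.findtext("VALUE") for i in response.iter("ITEM")}
    return response.findtext("TEXT"), items


# Parameters of the create request shown above.
PAGE_REQUEST = {"title": "99", "global": 1, "scan_tcp_ports": "full",
                "scan_udp_ports": "standard", "scan_overall_performance": "normal",
                "vulnerability_detection": "complete",
                "basic_information_gathering": "all"}

# Constructed response, modelled on the XML output shown above.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN><RESPONSE><TEXT>Option profile successfully added.</TEXT>
<ITEM_LIST><ITEM><KEY>ID</KEY><VALUE>32112</VALUE></ITEM></ITEM_LIST>
</RESPONSE></SIMPLE_RETURN>"""

if __name__ == "__main__":
    print(build_body(PAGE_REQUEST))
    print(parse_simple_return(SAMPLE_RESPONSE))
```

Because the body is built with urlencode, a title containing `&` or `=` cannot add or override parameters in the request.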


Update VM Option Profile
/api/2.0/fo/subscription/option_profile/vm/?action=update
[POST]


Input Parameters 


Parameter Description 
action=update (Required) 
id={value} (Required) The ID of the option profile. 


For a list of optional parameters, see Input Parameters for Create VM Option Profile. 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d \
"action=update&title=33))&id=25121" \
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/vm/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-26T09:51:15Z</DATETIME>
<TEXT>Option profile successfully updated.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>25121</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


VM Option Profile List
/api/2.0/fo/subscription/option_profile/vm/?action=list 
[GET] [POST] 


Input Parameters 


All option profiles are fetched if no parameters are given. To fetch a specific option profile, 
provide the “id” or “title” parameter with the option profile id or title of interest. 
Optionally, you can filter the results by using optional parameters listed under Input 
Parameters for Create VM Option Profile. 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X GET -G -d \
"action=list" \
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/vm/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM
"http://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>51451401</ID>
<GROUP_NAME><![CDATA[user op - 1]]></GROUP_NAME>
<GROUP_TYPE>user</GROUP_TYPE>
<USER_ID><![CDATA[John smith (jsmith_ap)]]></USER_ID>
<UNIT_ID>0</UNIT_ID>
<SUBSCRIPTION_ID>10421401</SUBSCRIPTION_ID>
<IS_DEFAULT>0</IS_DEFAULT>
<IS_GLOBAL>1</IS_GLOBAL>
<IS_OFFLINE_SYNCABLE>1</IS_OFFLINE_SYNCABLE>
<UPDATE_DATE>2018-04-10T13:39:41Z</UPDATE_DATE>
</BASIC_INFO>
<SCAN>
<PORTS>
<TCP_PORTS>
<TCP_PORTS_TYPE>standard</TCP_PORTS_TYPE>
<TCP_PORTS_ADDITIONAL>
<HAS_ADDITIONAL>1</HAS_ADDITIONAL>
<ADDITIONAL_PORTS>1024</ADDITIONAL_PORTS>
</TCP_PORTS_ADDITIONAL>
<THREE_WAY_HANDSHAKE>1</THREE_WAY_HANDSHAKE>
</TCP_PORTS>
<UDP_PORTS>
<UDP_PORTS_TYPE>light</UDP_PORTS_TYPE>
<UDP_PORTS_ADDITIONAL>
<HAS_ADDITIONAL>1</HAS_ADDITIONAL>
<ADDITIONAL_PORTS>8080</ADDITIONAL_PORTS>
</UDP_PORTS_ADDITIONAL>
</UDP_PORTS>
<AUTHORITATIVE_OPTION>1</AUTHORITATIVE_OPTION>
</PORTS>
<SCAN_DEAD_HOSTS>1</SCAN_DEAD_HOSTS>
<CLOSE_VULNERABILITIES>
<HAS_CLOSE_VULNERABILITIES>1</HAS_CLOSE_VULNERABILITIES>
<HOST_NOT_FOUND_ALIVE>10</HOST_NOT_FOUND_ALIVE>
</CLOSE_VULNERABILITIES>
<PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED>
<PERFORMANCE>
<PARALLEL_SCALING>1</PARALLEL_SCALING>
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
<HOSTS_TO_SCAN>
<EXTERNAL_SCANNERS>10</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>30</SCANNER_APPLIANCES>
</HOSTS_TO_SCAN>
<PROCESSES_TO_RUN>
<TOTAL_PROCESSES>10</TOTAL_PROCESSES>
<HTTP_PROCESSES>10</HTTP_PROCESSES>
</PROCESSES_TO_RUN>
<PACKET_DELAY>Medium</PACKET_DELAY>
<PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
</PERFORMANCE>
<LOAD_BALANCER_DETECTION>1</LOAD_BALANCER_DETECTION>
<PASSWORD_BRUTE_FORCING>
<SYSTEM>
<HAS_SYSTEM>1</HAS_SYSTEM>
<SYSTEM_LEVEL>Standard</SYSTEM_LEVEL>
</SYSTEM>
<CUSTOM_LIST>
<CUSTOM>
<ID>1001</ID>
<TITLE><![CDATA[ftp - 1]]></TITLE>
<TYPE>FTP</TYPE>
<LOGIN_PASSWORD><![CDATA[L:Guest, P:temp]]></LOGIN_PASSWORD>
</CUSTOM>
<CUSTOM>
<ID>1002</ID>
<TITLE><![CDATA[ssh - 1]]></TITLE>
<TYPE>SSH</TYPE>
<LOGIN_PASSWORD><![CDATA[L:Guest, P:temp]]></LOGIN_PASSWORD>
</CUSTOM>
<CUSTOM>
<ID>1003</ID>
<TITLE><![CDATA[window - 1]]></TITLE>
<TYPE>Windows</TYPE>
<LOGIN_PASSWORD><![CDATA[L:Guest, P:temp]]></LOGIN_PASSWORD>
</CUSTOM>
</CUSTOM_LIST>
</PASSWORD_BRUTE_FORCING>
<VULNERABILITY_DETECTION>
<COMPLETE><![CDATA[complete]]></COMPLETE>
<DETECTION_INCLUDE>
<BASIC_HOST_INFO_CHECKS>0</BASIC_HOST_INFO_CHECKS>
<OVAL_CHECKS>1</OVAL_CHECKS>
</DETECTION_INCLUDE>
</VULNERABILITY_DETECTION>
<AUTHENTICATION><![CDATA[Windows, Unix, Oracle, Oracle Listener, SNMP, VMware, DB2,HTTP,MySQL, Sybase]]></AUTHENTICATION>
<ADDL_CERT_DETECTION>1</ADDL_CERT_DETECTION>
<DISSOLVABLE_AGENT>
<DISSOLVABLE_AGENT_ENABLE>1</DISSOLVABLE_AGENT_ENABLE>
<WINDOWS_SHARE_ENUMERATION_ENABLE>1</WINDOWS_SHARE_ENUMERATION_ENABLE>
</DISSOLVABLE_AGENT>
<LITE_OS_SCAN>1</LITE_OS_SCAN>
<CUSTOM_HTTP_HEADER>
<VALUE>sdfdsf</VALUE>
<DEFINITION_KEY>abc</DEFINITION_KEY>
<DEFINITION_VALUE>xyz</DEFINITION_VALUE>
</CUSTOM_HTTP_HEADER>
<SYSTEM_AUTH_RECORD>
<INCLUDE_SYSTEM_AUTH>
<ON_DUPLICATE_USE_USER_AUTH>1</ON_DUPLICATE_USE_USER_AUTH>
</INCLUDE_SYSTEM_AUTH>
</SYSTEM_AUTH_RECORD>
</SCAN>
<MAP>
<BASIC_INFO_GATHERING_ON>all</BASIC_INFO_GATHERING_ON>
<TCP_PORTS>
<TCP_PORTS_STANDARD_SCAN>1</TCP_PORTS_STANDARD_SCAN>
<TCP_PORTS_ADDITIONAL>
<HAS_ADDITIONAL
<UDP_PORTS_STANDARD_SCAN>1</UDP_PORTS_STANDARD_SCAN>
<UDP_PORTS_ADDITIONAL>
<HAS_ADDITIONAL>1</

<platform API server>/api/2.0/fo/subscription/option_profile/option_profile_info.dtd
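
The list output returns the custom brute-forcing login/password pairs and the custom HTTP header values in clear text, so a saved response needs the same handling as a credential store. The following added example (not Qualys code) masks those elements and summarizes each profile; the sample XML is constructed from element names in the output above, and the function and field names are illustrative.

```python
import xml.etree.ElementTree as ET

# Elements whose text is a secret in the list output: brute-force
# login/password pairs and the custom HTTP header values.
SENSITIVE_PATHS = (".//LOGIN_PASSWORD",
                   ".//CUSTOM_HTTP_HEADER/VALUE",
                   ".//CUSTOM_HTTP_HEADER/DEFINITION_VALUE")


def redact(xml_text, mask="[REDACTED]"):
    """Return (xml_without_secrets, number_of_values_masked)."""
    root = ET.fromstring(xml_text)
    masked = 0
    for path in SENSITIVE_PATHS:
        for element in root.findall(path):
            if element.text and element.text.strip():
                element.text = mask
                masked += 1
    return ET.tostring(root, encoding="unicode"), masked


def summarize(xml_text):
    """One dict per OPTION_PROFILE with settings worth reviewing first.
    Elements missing from a profile come back as None or an empty list."""
    profiles = []
    for prof in ET.fromstring(xml_text).iter("OPTION_PROFILE"):
        auth = prof.findtext("SCAN/AUTHENTICATION") or ""
        brute = "SCAN/PASSWORD_BRUTE_FORCING"
        profiles.append({
            "id": prof.findtext("BASIC_INFO/ID"),
            "name": prof.findtext("BASIC_INFO/GROUP_NAME"),
            "global": prof.findtext("BASIC_INFO/IS_GLOBAL") == "1",
            "tcp_ports": prof.findtext("SCAN/PORTS/TCP_PORTS/TCP_PORTS_TYPE"),
            "brute_force_level": prof.findtext(f"{brute}/SYSTEM/SYSTEM_LEVEL"),
            "custom_credential_lists": [
                c.findtext("TITLE")
                for c in prof.iterfind(f"{brute}/CUSTOM_LIST/CUSTOM")],
            "authentication": [a.strip() for a in auth.split(",") if a.strip()],
            "close_vulns_after_dead_scans": prof.findtext(
                "SCAN/CLOSE_VULNERABILITIES/HOST_NOT_FOUND_ALIVE"),
        })
    return profiles


# Constructed sample: the first profile reuses values from the output above,
# the second is a minimal profile with most elements absent.
SAMPLE_LIST = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM "http://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
 <OPTION_PROFILE>
  <BASIC_INFO><ID>51451401</ID><GROUP_NAME><![CDATA[user op - 1]]></GROUP_NAME>
   <IS_GLOBAL>1</IS_GLOBAL></BASIC_INFO>
  <SCAN>
   <PORTS><TCP_PORTS><TCP_PORTS_TYPE>standard</TCP_PORTS_TYPE></TCP_PORTS></PORTS>
   <CLOSE_VULNERABILITIES><HAS_CLOSE_VULNERABILITIES>1</HAS_CLOSE_VULNERABILITIES>
    <HOST_NOT_FOUND_ALIVE>10</HOST_NOT_FOUND_ALIVE></CLOSE_VULNERABILITIES>
   <PASSWORD_BRUTE_FORCING>
    <SYSTEM><HAS_SYSTEM>1</HAS_SYSTEM><SYSTEM_LEVEL>Standard</SYSTEM_LEVEL></SYSTEM>
    <CUSTOM_LIST>
     <CUSTOM><ID>1001</ID><TITLE><![CDATA[ftp - 1]]></TITLE><TYPE>FTP</TYPE>
      <LOGIN_PASSWORD><![CDATA[L:Guest, P:temp]]></LOGIN_PASSWORD></CUSTOM>
     <CUSTOM><ID>1002</ID><TITLE><![CDATA[ssh - 1]]></TITLE><TYPE>SSH</TYPE>
      <LOGIN_PASSWORD><![CDATA[L:Guest, P:temp]]></LOGIN_PASSWORD></CUSTOM>
    </CUSTOM_LIST>
   </PASSWORD_BRUTE_FORCING>
   <AUTHENTICATION><![CDATA[Windows,Unix]]></AUTHENTICATION>
   <CUSTOM_HTTP_HEADER><VALUE>sdfdsf</VALUE><DEFINITION_KEY>abc</DEFINITION_KEY>
    <DEFINITION_VALUE>xyz</DEFINITION_VALUE></CUSTOM_HTTP_HEADER>
  </SCAN>
 </OPTION_PROFILE>
 <OPTION_PROFILE>
  <BASIC_INFO><ID>51451402</ID><GROUP_NAME><![CDATA[light op]]></GROUP_NAME>
   <IS_GLOBAL>0</IS_GLOBAL></BASIC_INFO>
  <SCAN><PORTS><TCP_PORTS><TCP_PORTS_TYPE>light</TCP_PORTS_TYPE></TCP_PORTS></PORTS></SCAN>
 </OPTION_PROFILE>
</OPTION_PROFILES>"""

if __name__ == "__main__":
    safe_xml, count = redact(SAMPLE_LIST)
    print(f"masked {count} values")
    for row in summarize(safe_xml):
        print(row)
```

The summary never reads the masked elements, so it is identical whether it is built from the raw or the redacted document.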


Delete VM Option Profile
/api/2.0/fo/subscription/option_profile/vm/?action=delete
[GET] [POST]


Input Parameters


Parameter Description
action=delete (Required)
id={value} (Required) The ID of the option profile.


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d \
"action=delete&id=25121" \
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/vm/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-26T10:58:06Z</DATETIME>
<TEXT>Option Profile Deleted Successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>25121</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Option Profiles for PCI 
/api/2.0/fo/subscription/option_profile/pci/ 
Create, update, list and delete option profiles for PCI. 


Permissions - All users will be able to list option profiles. A Manager will be able to create, 
update, and delete option profiles in the subscription, and a Unit Manager will be able to 
create, update, and delete option profiles for users in their business unit. 


Create PCI Option Profile 
/api/2.0/fo/subscription/option_profile/pci/?action=create 
[POST] 


Input Parameters 


Parameter Description

action=create (Required)

title={value} (Required) A title for easy identification.

owner={value} (Optional) The owner of the option profile(s), or the user who
created the option profile.

global={0|1} (Optional) Share this profile with other users by making it global.
Are you a Manager? This profile will be available to all users.
Are you a Unit Manager? This profile will be available to all users
in your business unit.
Specify 1 to make global.

offline_scanner={0|1} (Optional) Specify 1 to download this profile to your offline
scanners during the next sync.


159 


Parameter 


Scan Configuration 
Option Profiles for PCI 


Description 


scan_parallel_scaling={0|1} 


(Optional) Specify 1 to enable parallel scaling. This setting can be 
useful in subscriptions which have physical and virtual scanner 
appliances with different performance characteristics (e.g., CPU, 
RAM). 

Specify this option to dynamically scale up the number of hosts 
to scan in parallel (at scan time) to a calculated value which is 
based upon the computing resources available on each 
appliance. Note that the number of hosts to scan in parallel 
value determines how many hosts each appliance will target 
concurrently, not how many appliances will be used for the scan. 


Scan 


scan_overall_performance= 
{high|norma1|low|custom} 


(Optional) The profile “normal” is recommended in most cases. 
The settings for scan_external_scanners, 
scan_scanner_appliances, scan_total_process, 
scan_http_process, scan_packet_delay, and scan_intensity 
change as per the specified profile. 

Normal - Well balanced between intensity and speed. 

High - Recommended only when scanning a single IP or a small 
number of IPs. Optimized for speed and shorter scan times. 
Low - Recommended if responsiveness for individual hosts and 
services is low. Optimized for low bandwidth network 
connections and highly utilized networks. May take longer to 
complete. 


scan_external_scanners= 
{value} 


(Optional) Specify the number of external scanners to be used for 
associated scans. This setting is available only if you have 
multiple external scanners in your subscription. For example, if 
you have 10 external scanners in your subscription, you can 
configure this setting to any number between 1 to 10. 


scan_scanner_appliances= 
{value} 


1 


Optional) Specify the number of scanner appliances to scan at 
the same time (per scan task). Launching several concurrent 
scans on the same scanner appliance has a multiplying effect on 
bandwidth usage and may exceed available scanner resources. 
Don't have scanner appliances? Disregard the Scanner Appliance 
setting. 


scan_total_process={value} 


(Optional) Specify the maximum number of processes to run at 
the same time per host. 

Note that the total number of processes includes the HTTP 
processes. 


scan_http_process={value} 


(Optional) Specify the maximum number of HTTP processes to 
run at the same time. 


scan_packet_delay=
{minimum|short|medium|
long|maximum}


(Optional) Specify the delay between groups of packets sent to 
each host during a scan. With a short delay, packets are sent 
more frequently. With a long delay, packets are sent less 
frequently. 


scan_intensity={normal|
medium|low|minimum}


(Optional) This setting determines the aggressiveness
(parallelism) of port scanning and host discovery at the port
level. Lowering the intensity level has the effect of serializing
port scanning and host discovery. This is useful for certain
network conditions like cascading firewalls and lower scan
prioritization on the network. Tip - If you are scanning through a
firewall we recommend you reduce the intensity level.
Unauthenticated scans see more of a performance difference
using this option.


scan_dead_hosts={0|1} 


(Optional) Specify 1 to enable scanning dead hosts. A dead host is
a host that is unreachable - it didn't respond to any pings. Your 
scan may run longer if you choose to scan dead hosts. 


close_vuln_on_dead_hosts={0|1}


(Optional) Specify 1 to quickly close vulnerabilities for hosts that 
are not found alive after a set number of scans. When enabled, 
we'll mark existing tickets associated with dead hosts as 
Closed/Fixed and update the vulnerability status to Fixed. 


not_found_alive_times={value}


(Optional) Specify the number of times the host is not found alive 
after which the vulnerability should be closed. This setting is 
available only when close_vuln_on_dead_hosts=1. 


purge_host_data={0|1}


(Optional) Specify 1 to purge host data. This option is especially 
useful if you have systems that are regularly decommissioned or 
replaced. By specifying this option you're telling us you want to 
purge the host if we detect a change in the host's Operating 
System (OS) vendor at scan time, for example the OS changed 
from Linux to Windows or Debian to Ubuntu. We will not purge 
the host for an OS version change like Linux 2.8.13 to Linux 2.9.4. 


Additional 


additional_tcp_ports_ 
additional={value1,value2} 


(Optional) Specify additional TCP ports to scan. You can specify
up to 7 additional ports apart from the 13 standard scan ports
used by default: 21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445.


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=create&title=jp pci 333&global=1&offline_scanner=1&external_scanners_use=3&scan_parallel_scaling=1&scan_overall_performance=high&additional_tcp_ports_additional=80,35"
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pci/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-26T13:04:21Z</DATETIME>
<TEXT>Option profile successfully added.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>32113</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Update PCI Option Profile 
/api/2.0/fo/subscription/option_profile/pci/?action=update 
[POST] 


Input Parameters 


Parameter Description 
action=update (Required) 
id={value} (Required) The ID of the option profile. 


For a list of optional parameters, see Input Parameters for Create PCI Option Profile. 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=update&id=31102&title=jp pci2"
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pci/"


XML output: 
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-10T10:32:50Z</DATETIME>
<TEXT>Option profile successfully updated.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>31102</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


PCI Option Profile List
/api/2.0/fo/subscription/option_profile/pci/?action=list 
[GET] [POST] 


Input Parameters 


All option profiles are fetched if no parameters are given. To fetch a specific option profile, 
provide the “id” or “title” parameter with the option profile id or title of interest. 
Optionally, you can filter the results by using optional parameters listed under Input 
Parameters for Create PCI Option Profile. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X GET
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pci/?action=list"


XML output: 
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM
"http://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>31102</ID>
<GROUP_NAME><![CDATA[Jjp pci 11]]></GROUP_NAME>
<GROUP_TYPE>pci</GROUP_TYPE>
<USER_ID><![CDATA[John Smith (jsmith_ap)]]></USER_ID>
<UNIT_ID>0</UNIT_ID>
<SUBSCRIPTION_ID>10421401</SUBSCRIPTION_ID>
<IS_GLOBAL>1</IS_GLOBAL>
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE>
<UPDATE_DATE>2018-04-10T10:32:50Z</UPDATE_DATE>
</BASIC_INFO>
<SCAN>
<SCAN_DEAD_HOSTS>0</SCAN_DEAD_HOSTS>
<PURGE_OLD_HOST_OS_CHANGED>0</PURGE_OLD_HOST_OS_CHANGED>
<PERFORMANCE>
<PARALLEL_SCALING>0</PARALLEL_SCALING>
<OVERALL_PERFORMANCE>high</OVERALL_PERFORMANCE>
<HOSTS_TO_SCAN>
<EXTERNAL_SCANNERS>20</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>40</SCANNER_APPLIANCES>
</HOSTS_TO_SCAN>
<PROCESSES_TO_RUN>
<TOTAL_PROCESSES>15</TOTAL_PROCESSES>
<HTTP_PROCESSES>15</HTTP_PROCESSES>
</PROCESSES_TO_RUN>
<PACKET_DELAY>Short</PACKET_DELAY>
</PERFORMANCE>
</SCAN>
<ADDITIONAL>
<HOST_DISCOVERY>
<TCP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
<TCP_ADDITIONAL>
<HAS_ADDITIONAL>1</HAS_ADDITIONAL>
<ADDITIONAL_PORTS>80,35</ADDITIONAL_PORTS>
</TCP_ADDITIONAL>
</TCP_PORTS>
</HOST_DISCOVERY>
</ADDITIONAL>
</OPTION_PROFILE>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>32113</ID>
<GROUP_NAME><![CDATA[jp pci 333]]></GROUP_NAME>
<GROUP_TYPE>pci</GROUP_TYPE>
<USER_ID><![CDATA[John Smith (jsmith_ap)]]></USER_ID>
<UNIT_ID>0</UNIT_ID>
<SUBSCRIPTION_ID>10421401</SUBSCRIPTION_ID>
<IS_GLOBAL>1</IS_GLOBAL>
<IS_OFFLINE_SYNCABLE>1</IS_OFFLINE_SYNCABLE>
<UPDATE_DATE>2018-04-10T10:32:50Z</UPDATE_DATE>
</BASIC_INFO>
<SCAN>
<SCAN_DEAD_HOSTS>0</SCAN_DEAD_HOSTS>
<PURGE_OLD_HOST_OS_CHANGED>0</PURGE_OLD_HOST_OS_CHANGED>
<PERFORMANCE>
<PARALLEL_SCALING>1</PARALLEL_SCALING>
<OVERALL_PERFORMANCE>High</OVERALL_PERFORMANCE>
<HOSTS_TO_SCAN>
<EXTERNAL_SCANNERS>20</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>40</SCANNER_APPLIANCES>
</HOSTS_TO_SCAN>
<PROCESSES_TO_RUN>
<TOTAL_PROCESSES>15</TOTAL_PROCESSES>
<HTTP_PROCESSES>15</HTTP_PROCESSES>
</PROCESSES_TO_RUN>
<PACKET_DELAY>Short</PACKET_DELAY>
</PERFORMANCE>
</SCAN>
<ADDITIONAL>
<HOST_DISCOVERY>
<TCP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
<TCP_ADDITIONAL>
<HAS_ADDITIONAL>1</HAS_ADDITIONAL>
<ADDITIONAL_PORTS>80,35</ADDITIONAL_PORTS>
</TCP_ADDITIONAL>
</TCP_PORTS>
</HOST_DISCOVERY>
</ADDITIONAL>
</OPTION_PROFILE>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>51471401</ID>
<GROUP_NAME><![CDATA[pci op - 1]]></GROUP_NAME>
<GROUP_TYPE>pci</GROUP_TYPE>
<USER_ID><![CDATA[John Smith (jsmith_ap)]]></USER_ID>
<UNIT_ID>0</UNIT_ID>
<SUBSCRIPTION_ID>10421401</SUBSCRIPTION_ID>
<IS_GLOBAL>0</IS_GLOBAL>
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE>
<UPDATE_DATE>2018-04-10T10:32:50Z</UPDATE_DATE>
</BASIC_INFO>
<SCAN>
<SCAN_DEAD_HOSTS>1</SCAN_DEAD_HOSTS>
<PURGE_OLD_HOST_OS_CHANGED>0</PURGE_OLD_HOST_OS_CHANGED>
<PERFORMANCE>
<PARALLEL_SCALING>1</PARALLEL_SCALING>
<OVERALL_PERFORMANCE>High</OVERALL_PERFORMANCE>
<HOSTS_TO_SCAN>
<EXTERNAL_SCANNERS>20</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>40</SCANNER_APPLIANCES>
</HOSTS_TO_SCAN>
<PROCESSES_TO_RUN>
<TOTAL_PROCESSES>15</TOTAL_PROCESSES>
<HTTP_PROCESSES>15</HTTP_PROCESSES>
</PROCESSES_TO_RUN>
<PACKET_DELAY>Short</PACKET_DELAY>
<PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
</PERFORMANCE>
</SCAN>
<ADDITIONAL>
<HOST_DISCOVERY>
<TCP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
<TCP_ADDITIONAL>
<HAS_ADDITIONAL>1</HAS_ADDITIONAL>
<ADDITIONAL_PORTS>1024</ADDITIONAL_PORTS>
</TCP_ADDITIONAL>
</TCP_PORTS>
</HOST_DISCOVERY>
</ADDITIONAL>
</OPTION_PROFILE>
</OPTION_PROFILES>


DTD 
<platform API server>/api/2.0/fo/subscription/option_profile/option_profile_info.dtd 
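
One way to review the list output for settings this guide cautions about, as an added example (not Qualys code): it parses an OPTION_PROFILES document and flags global profiles that use High performance, profiles that scan dead hosts, and PCI profiles with more than 7 additional TCP ports. The sample XML is constructed, and the function names and the choice of findings are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the OPTION_PROFILES output; IDs, titles and ports are made up.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>1001</ID>
<GROUP_NAME><![CDATA[pci quarterly]]></GROUP_NAME>
<GROUP_TYPE>pci</GROUP_TYPE>
<IS_GLOBAL>1</IS_GLOBAL>
</BASIC_INFO>
<SCAN>
<SCAN_DEAD_HOSTS>1</SCAN_DEAD_HOSTS>
<PERFORMANCE><OVERALL_PERFORMANCE>High</OVERALL_PERFORMANCE></PERFORMANCE>
</SCAN>
<ADDITIONAL><HOST_DISCOVERY><TCP_PORTS><TCP_ADDITIONAL>
<HAS_ADDITIONAL>1</HAS_ADDITIONAL>
<ADDITIONAL_PORTS>8000,8008,8080,8081,8088,8443,8888,9443</ADDITIONAL_PORTS>
</TCP_ADDITIONAL></TCP_PORTS></HOST_DISCOVERY></ADDITIONAL>
</OPTION_PROFILE>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>1002</ID>
<GROUP_NAME><![CDATA[pci single host]]></GROUP_NAME>
<GROUP_TYPE>pci</GROUP_TYPE>
<IS_GLOBAL>0</IS_GLOBAL>
</BASIC_INFO>
<SCAN>
<SCAN_DEAD_HOSTS>0</SCAN_DEAD_HOSTS>
<PERFORMANCE><OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE></PERFORMANCE>
</SCAN>
<ADDITIONAL><HOST_DISCOVERY><TCP_PORTS><TCP_ADDITIONAL>
<HAS_ADDITIONAL>1</HAS_ADDITIONAL>
<ADDITIONAL_PORTS>8080</ADDITIONAL_PORTS>
</TCP_ADDITIONAL></TCP_PORTS></HOST_DISCOVERY></ADDITIONAL>
</OPTION_PROFILE>
</OPTION_PROFILES>"""

PORTS_PATH = "ADDITIONAL/HOST_DISCOVERY/TCP_PORTS/TCP_ADDITIONAL/ADDITIONAL_PORTS"


def text_at(node, path):
    """Text of the first element at path, or '' when the element is absent."""
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""


def parse_profiles(xml_bytes):
    """Turn an OPTION_PROFILES document into a list of plain dicts."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "OPTION_PROFILES":
        raise ValueError("unexpected root element: " + root.tag)
    profiles = []
    for op in root.findall("OPTION_PROFILE"):
        ports = text_at(op, PORTS_PATH)
        profiles.append({
            "id": text_at(op, "BASIC_INFO/ID"),
            "title": text_at(op, "BASIC_INFO/GROUP_NAME"),
            "type": text_at(op, "BASIC_INFO/GROUP_TYPE"),
            "global": text_at(op, "BASIC_INFO/IS_GLOBAL") == "1",
            "dead_hosts": text_at(op, "SCAN/SCAN_DEAD_HOSTS") == "1",
            # The sample output mixes "high" and "High", so compare in lower case.
            "performance": text_at(op, "SCAN/PERFORMANCE/OVERALL_PERFORMANCE").lower(),
            "extra_tcp_ports": [p.strip() for p in ports.split(",") if p.strip()],
        })
    return profiles


def review(profile):
    """Findings for one profile, based on the cautions in the parameter descriptions."""
    findings = []
    if profile["performance"] == "high" and profile["global"]:
        findings.append("global profile uses High, recommended only for a single IP or a few IPs")
    if profile["dead_hosts"]:
        findings.append("scans dead hosts, so scans may run longer")
    if profile["type"] == "pci" and len(profile["extra_tcp_ports"]) > 7:
        findings.append("more than 7 additional TCP ports on a PCI profile")
    return findings


def audit(xml_bytes):
    """Map each profile ID to its list of findings."""
    return {p["id"]: review(p) for p in parse_profiles(xml_bytes)}


if __name__ == "__main__":
    for profile_id, findings in audit(SAMPLE_XML).items():
        print(profile_id, findings or "no findings")
```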


Delete PCI Option Profile 
/api/2.0/fo/subscription/option_profile/pci/?action=delete 
[GET] [POST] 


Input Parameters 


Parameter Description 
action=delete (Required) 
id={value} (Required) The ID of the option profile. 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=delete&id=51471401"
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pci/"


XML output: 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-10T10:32:50Z</DATETIME>
<TEXT>Option Profile Deleted Successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>51471401</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Option Profiles for Compliance 
/api/2.0/fo/subscription/option_profile/pc/ 
Create, update, list and delete option profiles for compliance scans. 


Permissions 


Note: The list PC option profiles API is available as part of one of the following subscription 
combinations only: 


- PC and API add-on 
- PC, SCA, and API add-on 
- VMDR, SCA, and API add-on 


All users will be able to list option profiles. A Manager will be able to create, update, and 
delete option profiles in the subscription, and a Unit Manager will be able to create, 
update, and delete option profiles for users in their business unit. 


Create PC Option Profile 
/api/2.0/fo/subscription/option_profile/pc/?action=create 
[POST] 


Input Parameters 


Parameter Description

action=create (Required)

title={value} (Required) The title for the option profile.

owner={value} (Optional) The owner of the option profile(s), or the user who
created the option profile.

global={0|1} (Optional) Share this profile with other users by making it global.
Are you a Manager? This profile will be available to all users.

Are you a Unit Manager? This profile will be available to all users
in your business unit.

Specify 1 to make global.


scan_parallel_scaling={0|1} 


(Optional) Specify 1 to enable parallel scaling. This setting can be 
useful in subscriptions which have physical and virtual scanner 
appliances with different performance characteristics (e.g., CPU, 
RAM). 

Specify this option to dynamically scale up the number of hosts 
to scan in parallel (at scan time) to a calculated value which is 
based upon the computing resources available on each 
appliance. Note that the number of hosts to scan in parallel 
value determines how many hosts each appliance will target 
concurrently, not how many appliances will be used for the scan. 


Scan 


scan_overall_performance=
{high|normal|low|custom}


(Required) The profile “normal” is recommended in most cases. 
The settings for scan_external_scanners, 
scan_scanner_appliances, scan_total_process, 
scan_http_process, scan_packet_delay, and scan_intensity 
change as per the specified profile. 

Normal - Well balanced between intensity and speed. 

High - Recommended only when scanning a single IP or a small 
number of IPs. Optimized for speed and shorter scan times. 
Low - Recommended if responsiveness for individual hosts and 
services is low. Optimized for low bandwidth network 
connections and highly utilized networks. May take longer to 
complete. 


scan_external_scanners= 
{value} 


(Optional) Specify the number of external scanners to be used for 
associated scans. This setting is available only if you have 
multiple external scanners in your subscription. For example, if 
you have 10 external scanners in your subscription, you can 
configure this setting to any number between 1 and 10.


scan_scanner_appliances= 
{value} 


(Optional) Specify the number of scanner appliances to scan at
the same time (per scan task). Launching several concurrent 
scans on the same scanner appliance has a multiplying effect on 
bandwidth usage and may exceed available scanner resources. 
Don't have scanner appliances? Disregard the Scanner Appliance 
setting. 


scan_total_process={value} 


(Optional) Specify the maximum number of processes to run at
the same time per host. 

Note that the total number of processes includes the HTTP 
processes. 


scan_http_process={value} 


(Optional) Specify the maximum number of HTTP processes to
run at the same time. 


scan_packet_delay=
{minimum|short|medium|
long|maximum}


(Optional) Specify the delay between groups of packets sent to
each host during a scan. With a short delay, packets are sent 
more frequently. With a long delay, packets are sent less 
frequently. 


scan_intensity={normal|
medium|low|minimum}


(Optional) This setting determines the aggressiveness
(parallelism) of port scanning and host discovery at the port
level. Lowering the intensity level has the effect of serializing
port scanning and host discovery. This is useful for certain
network conditions like cascading firewalls and lower scan
prioritization on the network. Tip - If you are scanning through a
firewall we recommend you reduce the intensity level.
Unauthenticated scans see more of a performance difference
using this option.


scan_by_policy={0|1} 


(Optional) Specify 1 to enable scan by policy. The Scan by Policy
option allows you to restrict your scans to the controls in 
specified policies. You can choose up to 20 policies, one policy at 
a time. Once you've specified a policy, all controls in that policy 
will be scanned including any special control types in the policy. 
This is regardless of the Control Types settings in the profile. 


policy_names={value1, 
value2} 


(Optional) Specify policy names to scan by policy.


policy_ids={value1,value2} 


(Optional) Specify policy IDs to scan by policy.


auto_update_expected_value 
={0|1} 


(Optional) Specify 1 to update the control expected value used
for posture evaluation with the actual value returned by the 
scan. 


fim_controls_enabled={0|1} 


(Optional) Specify 1 to perform file integrity monitoring based on
user defined file integrity checks. A file integrity check is a user 
defined control that checks for changes to a specific file. You 
should set auto_update_expected_value=1 in order to use this 
parameter. 


custom_wmi_query_checks={0|1}


(Optional) Specify 1 to run Windows WMI query checks. When
enabled, WMI query checks will be performed for user defined 
WMI Query Check controls. 


enable_dissolvable_agent=
{0|1}


(Optional) Specify 1 to enable dissolvable agent. This is required
for certain scan features like Windows Share Enumeration. How 
does it work? At scan time the Agent is installed on Windows 
devices to collect data, and once the scan is complete it removes 
itself completely from target systems. 


enable_password_auditing= 
{0|1} 


(Optional) Specify 1 to check for service provided password
auditing controls (control IDs 3893, 3894 and 3895). These 
controls are used to identify 1) user accounts with empty 
passwords, 2) user accounts with the password equal to the user 
name, and 3) user accounts with passwords equal to an entry in 
a user-defined password dictionary. This setting is available only 
if enable_dissolvable_agent=1. 


custom_password_dictionary
={value1,value2}


(Optional) Specify passwords in order to create a password
dictionary. This is used when evaluating control ID 3895, which 
identifies user accounts where the password is equal to an entry 
in the password dictionary. 


enable_windows_share_
enumeration={0|1} 


(Optional) Specify 1 to use Windows Share Enumeration to find 
and report details about Windows shares that are readable by 
everyone. This test is performed using QID 90635. Make sure 1) 
the Dissolvable Agent is enabled, 2) QID 90635 is included in the 
Vulnerability Detection section, and 3) a Windows authentication 
record is defined. 


enable_windows_directory_ 
search={0|1} 


(Optional) Specify 1 if you've set up Windows Directory Search 
controls and want to include them in the scan. This custom 
control allows you to search for files/directories based on various 
criteria like file name and user access permissions. 


scan_ports={standard| 
targeted} 


(Required) Specify “standard” to enable standard scan of TCP 
ports. See Appendix B - Ports used for scanning for a list of ports 
used for standard scan. 

Specify “targeted” to perform a targeted scan. 

Which ports are included in a targeted scan? 

For Unix hosts, these well known ports are scanned: 22 (SSH), 23 
(telnet) and 513 (rlogin). Any one of these services is sufficient for 
authentication. If services (SSH, telnet, rlogin) are not running on 
these well known ports for the hosts you will be scanning, 
specify this option and define a custom ports list in the Unix 
authentication record. Note: The actual ports scanned also 
depends on the Ports setting in the Unix authentication record. 
For Windows hosts, the service scans a fixed set of required 
Windows ports (a service defined, internal list). 


mssql_db_udc_restriction={0|1}


(Optional) Set value to 1 if you want to specify a limit on the 
number of rows to be returned per scan for custom MS SQL 
Database checks. 


mssql_db_udc_limit={value} 


(Optional) Provide a value to define the number of rows to be 
returned per scan (default is 256). 


oracle_db_udc_restriction={0|1}


(Optional) Set value to 1 if you want to specify a limit on the
number of rows to be returned per scan for custom Oracle 
Database checks. 


oracle_db_udc_limit={value} 


(Optional) Provide a value to define the number of rows to be
returned per scan (default is 5000). 


sybase_db_udc_restriction={0|1}


(Optional) Set value to 1 if you want to specify a limit on the
number of rows to be returned per scan for custom Sybase 
Database checks. 


sybase_db_udc_limit={value} 


(Optional) Provide a value to define the number of rows to be
returned per scan (default is 256). Maximum allowed limit for 
Sybase is 2500 rows. 


postgresql_db_udc_restriction={0|1}


(Optional) Set value to 1 if you want to specify a limit on the
number of rows to be returned per scan for custom 
PostgreSQL/Pivotal Greenplum Database checks. 


postgresql_db_udc_limit={value}


(Optional) Provide a value to define the number of rows to be 
returned per scan (default is 256). Maximum allowed limit for 
PostgreSQL/Pivotal Greenplum is 5000 rows. 


sapiq_db_udc_restriction={0|1}


(Optional) Set value to 1 if you want to specify a limit on the
number of rows to be returned per scan for custom SAP IQ 
Database checks. 


sapiq_db_udc_limit={value} 


(Optional) Provide a value to define the number of rows to be
returned per scan (default is 256). Maximum allowed limit for 
SAP IQ is 10000 rows. 


db2_db_udc_restriction={0|1}


(Optional) Set value to 1 if you want to specify a limit on the
number of rows to be returned per scan for custom IBM DB2 
Database checks. 


db2_db_udc_limit={value}


(Optional) The default value is 256 and maximum allowed limit 
is 5000 rows. 


enable_auth_instance_discovery={0|1}


(Optional to create or update option profile record) Specify 
enable_auth_instance_discovery=1 to enable auto discover 
instances and system record creation for the chosen auth types. 
When unspecified (enable_auth_instance_discovery=0), we will 
not scan to auto discover instances. The parameters 
enable_auth_instance_discovery, scan_by_policy and 
include_system_auth are mutually exclusive and cannot be 
specified together in the same request. 


In the UI, this parameter is a check box referred to as "Allow
instance discovery..." in the System Authentication Records
section on the New/Edit Compliance Profile page.


auto_auth_types={value} 


(Optional to create or update option profile record) Specify the
technologies for which you want to enable auto discover 
instances and system record creation. The valid values are: 
Apache Web Server, IBM WebSphere App Server, Jboss Server, 
Tomcat Server and Oracle. Multiple technologies are specified as 
comma separated values. This parameter can only be specified if 
enable_auth_instance_discovery=1. 


ibm_was_discovery_mode={value}


(Optional to create or update option profile record) Specify 
ibm_was_discovery_mode=server_dir to auto discover instances 
at the server directory level. Specify 
ibm_was_discovery_mode=installation_dir to auto discover 
instances at the installation directory level. 


When unspecified and auto_auth_types=IBM WebSphere App 
Server, we will auto discover instances at the installation 
directory level. 


This parameter can only be specified if auto_auth_types includes 
IBM WebSphere App Server. 


oracle_template_id={value} 


(Optional) The Template ID for the Oracle system record 
template you want to assign to the compliance profile for 
discovery scans. 


When auto_auth_types=Oracle is specified, then 
oracle_template_id or oracle_template_name must also be 
specified. 


oracle_template_name={value}


(Optional) The Template Name for the Oracle system record 
template you want to assign to the compliance profile for 
discovery scans. 


When auto_auth_types=Oracle is specified, then 
oracle_template_id or oracle_template_name must also be 
specified. 


include_system_auth={0|1} 


(Optional to create or update option profile record) Specify
include_system_auth=1 if you have a system created auth record
and a user created auth record for the same instance configuration
and want to choose which one to include for scans. When unspecified
(include_system_auth=0), the user record is selected for the scan by
default.


When include_system_auth=1, one of these parameters should 
be enabled: use_system_auth_on_duplicate or 
use_user_auth_on_duplicate. 


In the UI, this parameter is a check box referred to as "Use System
Authentication Records" in the System Authentication Records
section in the Scan tab on the New/Edit Compliance Profile page.


use_system_auth_on_duplicate={0|1}


(Optional to create or update option profile record) Specify 
use_system_auth_on_duplicate=1 to include system created 
auth record if you have a system record and user record for the 
same instance configuration. 


The parameters use_system_auth_on_duplicate and 
use_user_auth_on_duplicate are mutually exclusive and can 
only be specified if "include_system_auth=1".


use_user_auth_on_duplicate={0|1}


(Optional to create or update option profile record) Specify 
use_user_auth_on_duplicate=1 to include user created 
authentication record if you have a system record and user 
record for the same instance. 


The parameters use_system_auth_on_duplicate and 
use_user_auth_on_duplicate are mutually exclusive and can 
only be specified if "include_system_auth=1".


Instance Data Collection 


enable_instance_data_collection={0|1}


(Optional) Specify 1 to enable database instance data 
collection by using underlying OS authentication record. By 
default, this option is disabled. 


instance_data_collection_auth_types


(Optional) Specify the database technologies for which you
want to enable OS authentication-based data collection. The
valid values are: IBM DB2, InformixDB, MongoDB, MSSQL, MySQL,
Oracle, Pivotal Greenplum, PostgreSQL, Sybase. You can
use this parameter only if you set the value of the
enable_instance_data_collection parameter to 1.


enable_os_based_instance_discovery={0|1}


(Optional) Set the value to 1 to enable technology instance 
data collection by using underlying OS authentication record. 
By default, this option is disabled. 


os_based_instance_disc_technologies


(Optional) Specify a comma-separated list of technologies to 
enable OS authentication-based data collection. Currently we 
support Oracle JRE and IBM WebSphere Liberty. Hence, the valid 
values are: Oracle JRE and IBM WebSphere Liberty. 

You can use this parameter only if you set the value of the 
enable_os_based_instance_discovery parameter to 1. 


Additional 


additional_tcp_ports={0|1}


(Optional) Specify 1 to enable host discovery on additional TCP
ports. Default setting is 1.


additional_tcp_ports_ 
standard_scan={0|1} 


(Optional) Specify 1 to enable standard scan of additional TCP
ports. Standard Scan includes 13 ports: 21-23, 25, 53, 80, 88, 110-111,
135, 139, 443, 445. Default setting is 1.


additional_tcp_ports_ 
additional={value1,value2} 


(Optional) Specify additional TCP ports to scan. You can specify
up to 20 ports including the standard scan ports. 


additional_udp_ports={0|1}


(Optional) Specify 1 to enable host discovery on additional UDP
ports. Default setting is 1. 


additional_udp_ports_type= 
{standard|custom} 


(Optional) Specify “standard” to enable standard scan of
additional UDP ports. Standard Scan includes 6 ports: 53, 111, 
135, 137, 161, 500. Default is “standard”. 

Specify “custom” to provide a custom list of ports using 
additional_udp_ports_custom. 


additional_udp_ports_ 
custom={value1,value2} 


(Optional) Specify additional UDP ports to scan. You can specify
up to 10 ports including the standard scan ports. 


icmp={0|1} 


(Optional) Specify 1 to only discover live hosts that respond to an
ICMP ping. Default setting is 1.


blocked_resources={0|1} 


(Optional) Specify 1 in order to add ports protected by your
firewall/IDS to prevent them from being scanned.


protected_ports={default| 
custom} 


(Optional) Ports protected by your firewall/IDS. Specify “default”
to provide a list of default blocked ports: 0-1, 111, 513-514, 2049, 
4100, 6000-6005, 7100, 8000. Default setting is “default”. 

Specify custom to provide a custom list of protected ports using 
protected_ports_custom. 


protected_ports_custom=
{value1,value2}


(Optional) Specify a custom list of protected ports.


protected_ips={all|custom}


(Optional) IP addresses and ranges protected by your
firewall/IDS. Default is “all”. 


protected_ips_custom=
{value1,value2}


(Optional) Specify a custom list of IP addresses and ranges
protected by your firewall/IDS. 


ignore_rst_packets={0|1} 


(Optional) Specify 1 to ignore all TCP RESET packets - firewall-generated
and live-host-generated.


ignore_firewall_generated_
syn_ack_packets={0|1}


(Optional) Specify 1 to determine if TCP SYN-ACK packets are
generated by a filtering device and ignore packets that appear to
originate from such devices.


not_send_ack_or_syn_ack_
packets_during_host_
discovery={0|1}


(Optional) Specify 1 if you do not want to send TCP ACK or SYN-ACK
packets. Out of state TCP packets are not SYN packets and
do not belong to an existing TCP session.


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=create&title=pcjp&global=1&scan_parallel_scaling=1&scan_overall_performance=high&scan_by_policy=1&policy_names=jp2&auto_update_expected_value=1&scan_ports=standard&additional_tcp_ports=1&not_send_ack_or_syn_ack_packets_during_host_discovery=1"
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pc/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-10T11:10:36Z</DATETIME>
<TEXT>Compliance Option profile successfully added.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>39044</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Sample create option profile for Oracle instance discovery


In this sample we are creating an option profile with instance discovery and system record 
creation enabled for Oracle and we're using template ID 2237327.


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=create&title=Profile-Auth-Ins-Oracle&enable_auth_instance_discovery=1&auto_auth_types=Oracle&scan_ports=targeted&oracle_template_id=2237327"
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pc/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2020-04-23T19:12:10Z</DATETIME>
<TEXT>Compliance Option profile successfully added.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>3305478</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Database UDCs for MS SQL, Oracle, Sybase, PostgreSQL/Pivotal 
Greenplum, SAP IQ, and IBM DB2 


We have added the following parameters to the Options Profile API to help you set a limit 
on the number of rows returned per scan for the MS SQL, Oracle, Sybase, 
PostgreSQL/Pivotal Greenplum, SAP IQ, and IBM DB2 UDCs. 


- DATABASE_PREFERENCE_KEY
- mssql_db_udc_restriction
- mssql_db_udc_limit
- oracle_db_udc_restriction
- oracle_db_udc_limit
- sybase_db_udc_restriction
- sybase_db_udc_limit
- postgreSQL_db_udc_restriction
- postgreSQL_db_udc_limit
- sapiq_db_udc_restriction
- sapiq_db_udc_limit
- db2_db_udc_restriction
- db2_db_udc_limit


Maximum allowed limit for MS SQL is 256 rows, for Oracle, PostgreSQL/Pivotal Greenplum, 
and IBM DB2, it’s 5000 rows, for Sybase it’s 2500 rows, and for SAP IQ, it’s 10000 rows. 
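
The dependency rules in the Create PC Option Profile parameter table and the row limits just listed can be checked before a request is sent. The following is an added example, not Qualys code: a client-side validator covering the mutually exclusive parameters, the auto_auth_types and include_system_auth prerequisites, the password auditing prerequisite, and the per-database UDC maximums. The function names and the constructed BROKEN_SAMPLE request are this example's own; it does not cover every parameter.

```python
from urllib.parse import urlencode

# Maximum rows per scan for each database UDC, as stated in this guide.
UDC_MAX_ROWS = {"mssql": 256, "oracle": 5000, "sybase": 2500,
                "postgresql": 5000, "sapiq": 10000, "db2": 5000}
# Valid auto_auth_types values listed in the parameter table.
AUTO_AUTH_TYPES = {"Apache Web Server", "IBM WebSphere App Server",
                   "Jboss Server", "Tomcat Server", "Oracle"}
EXCLUSIVE = ("enable_auth_instance_discovery", "scan_by_policy",
             "include_system_auth")
DUPLICATE_CHOICE = ("use_system_auth_on_duplicate", "use_user_auth_on_duplicate")


def enabled(params, key):
    """True when a {0|1} flag is present and set to 1."""
    return str(params.get(key, "0")) == "1"


def validate_pc_create(params):
    """Return the list of rule violations in a PC option profile create request."""
    # The guide spells the PostgreSQL keys both postgresql_ and postgreSQL_.
    p = {key.lower(): value for key, value in params.items()}
    errors = []

    if not p.get("title"):
        errors.append("title is required")
    if p.get("scan_ports") not in ("standard", "targeted"):
        errors.append("scan_ports must be standard or targeted")

    present = [key for key in EXCLUSIVE if key in p]
    if len(present) > 1:
        errors.append("mutually exclusive: " + ", ".join(present))

    types = [t.strip() for t in str(p.get("auto_auth_types", "")).split(",") if t.strip()]
    if types and not enabled(p, "enable_auth_instance_discovery"):
        errors.append("auto_auth_types requires enable_auth_instance_discovery=1")
    errors += [f"unknown auto_auth_types value: {t}" for t in types if t not in AUTO_AUTH_TYPES]
    if "Oracle" in types and not (p.get("oracle_template_id") or p.get("oracle_template_name")):
        errors.append("auto_auth_types=Oracle needs oracle_template_id or oracle_template_name")
    if "ibm_was_discovery_mode" in p and "IBM WebSphere App Server" not in types:
        errors.append("ibm_was_discovery_mode requires IBM WebSphere App Server in auto_auth_types")

    chosen = [key for key in DUPLICATE_CHOICE if enabled(p, key)]
    if enabled(p, "include_system_auth"):
        if len(chosen) != 1:
            errors.append("include_system_auth=1 needs exactly one of: " + ", ".join(DUPLICATE_CHOICE))
    elif any(key in p for key in DUPLICATE_CHOICE):
        errors.append("use_*_auth_on_duplicate requires include_system_auth=1")

    if enabled(p, "enable_password_auditing") and not enabled(p, "enable_dissolvable_agent"):
        errors.append("enable_password_auditing requires enable_dissolvable_agent=1")

    for db, max_rows in UDC_MAX_ROWS.items():
        raw = p.get(f"{db}_db_udc_limit")
        if raw is not None and (not str(raw).isdigit() or int(raw) > max_rows):
            errors.append(f"{db}_db_udc_limit must be a number no greater than {max_rows}: {raw}")
    return errors


def encode_body(params):
    """URL-encode a validated request for use as the POST body."""
    errors = validate_pc_create(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode(params)


# The guide's Oracle instance discovery sample request, as a dict.
ORACLE_SAMPLE = {
    "action": "create", "title": "Profile-Auth-Ins-Oracle",
    "enable_auth_instance_discovery": "1", "auto_auth_types": "Oracle",
    "scan_ports": "targeted", "oracle_template_id": "2237327",
}
# Constructed request that breaks several rules at once.
BROKEN_SAMPLE = {
    "action": "create", "title": "constructed-bad-profile", "scan_ports": "targeted",
    "scan_by_policy": "1", "include_system_auth": "1", "auto_auth_types": "Oracle",
    "mssql_db_udc_limit": "300", "postgreSQL_db_udc_limit": "50",
}

if __name__ == "__main__":
    print(encode_body(ORACLE_SAMPLE))
    for problem in validate_pc_create(BROKEN_SAMPLE):
        print("rejected:", problem)
```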


Sample - Create for Database UDC 


Create with Database Preference Key and custom Limit set for MS SQL, Oracle, Sybase, 
PostgreSQL/Pivotal Greenplum, SAP IQ, and IBM DB2. 


API request: 


curl -u "username:password" -H "X-Requested-With:curl" -H
"Content-type: text/xml" -X POST -d
"action=create&title=API-PC-OP&scan_ports=targeted&oracle_db_udc_restriction=1&oracle_db_udc_limit=10&mssql_db_udc_restriction=1&mssql_db_udc_limit=250&sybase_db_udc_restriction=1&sybase_db_udc_limit=50&postgreSQL_db_udc_restriction=1&postgreSQL_db_udc_limit=50&db2_db_udc_restriction=1&db2_db_udc_limit=300"
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pc/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2019-05-20T19:16:41Z</DATETIME>
<TEXT>Compliance Option profile successfully added.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>1710286</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Update Compliance Option Profile
/api/2.0/fo/subscription/option_profile/pc/?action=update 
[POST] 


Input Parameters 


Parameter Description 
action=update (Required) 
id={value} (Required) The ID of the option profile. 


For a list of optional parameters, see Input Parameters for Create PC Option Profile. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST \
  -d "action=update&title=pc-jp&id=51491401" \
  "http://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pc/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-10T11:10:36Z</DATETIME>
    <TEXT>Compliance Option profile successfully updated.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>51491401</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Update for Database UDC 
Update Option Profile with Oracle Database Preference Key 
API request:


curl -u "username:password" -H "X-Requested-With:curl" -H "Content-type: text/xml" -X POST \
  -d "action=update&id=1709710&title=API-PC-OP-Oracle-custom-limit&scan_ports=targeted&oracle_db_udc_restriction=1&oracle_db_udc_limit=100" \
  "https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pc/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-05-20T06:45:00Z</DATETIME>
    <TEXT>Compliance Option profile successfully updated.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1709710</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


/api/2.0/fo/subscription/option_profile/pc/?action=list


[GET] [POST] 


Input Parameters 


All option profiles are fetched if no parameters are given. To fetch a specific option profile, 
provide the “id” or “title” parameter with the option profile id or title of interest. 
Optionally, you can filter the results by using optional parameters listed under Input 
Parameters for Create PC Option Profile. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X GET \
  "http://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pc/?action=list"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM
"http://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
  <OPTION_PROFILE>
    <BASIC_INFO>
      <ID>19026</ID>
      <GROUP_NAME><![CDATA[Initial PC Options 2]]></GROUP_NAME>
      <GROUP_TYPE>compliance</GROUP_TYPE>
      <USER_ID><![CDATA[John Smith (jsmith_ap)]]></USER_ID>
      <UNIT_ID>0</UNIT_ID>
      <SUBSCRIPTION_ID>10421401</SUBSCRIPTION_ID>
      <IS_GLOBAL>1</IS_GLOBAL>
      <UPDATE_DATE>2018-04-10T11:10:36Z</UPDATE_DATE>
    </BASIC_INFO>
    <SCAN>
      <PORTS>
        <TARGETED_SCAN>1</TARGETED_SCAN>
      </PORTS>
      <PERFORMANCE>
        <PARALLEL_SCALING>0</PARALLEL_SCALING>
        <OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
        <HOSTS_TO_SCAN>
          <EXTERNAL_SCANNERS>10</EXTERNAL_SCANNERS>
          <SCANNER_APPLIANCES>30</SCANNER_APPLIANCES>
        </HOSTS_TO_SCAN>
        <PROCESSES_TO_RUN>
          <TOTAL_PROCESSES>10</TOTAL_PROCESSES>
          <HTTP_PROCESSES>10</HTTP_PROCESSES>
        </PROCESSES_TO_RUN>
        <PACKET_DELAY>Medium</PACKET_DELAY>
        <PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
      </PERFORMANCE>
      <DISSOLVABLE_AGENT>
        <DISSOLVABLE_AGENT_ENABLE>0</DISSOLVABLE_AGENT_ENABLE>
        <PASSWORD_AUDITING_ENABLE>
          <HAS_PASSWORD_AUDITING_ENABLE>0</HAS_PASSWORD_AUDITING_ENABLE>
        </PASSWORD_AUDITING_ENABLE>
        <WINDOWS_SHARE_ENUMERATION_ENABLE>0</WINDOWS_SHARE_ENUMERATION_ENABLE>
        <WINDOWS_DIRECTORY_SEARCH_ENABLE>0</WINDOWS_DIRECTORY_SEARCH_ENABLE>
      </DISSOLVABLE_AGENT>
      <FILE_INTEGRITY_MONITORING>
        <AUTO_UPDATE_EXPECTED_VALUE>1</AUTO_UPDATE_EXPECTED_VALUE>
      </FILE_INTEGRITY_MONITORING>
      <CONTROL_TYPES>
        <FIM_CONTROLS_ENABLED>0</FIM_CONTROLS_ENABLED>
        <CUSTOM_WMI_QUERY_CHECKS>0</CUSTOM_WMI_QUERY_CHECKS>
      </CONTROL_TYPES>
    </SCAN>
    <ADDITIONAL>
      <HOST_DISCOVERY>
        <TCP_PORTS>
          <STANDARD_SCAN>1</STANDARD_SCAN>
        </TCP_PORTS>
        <UDP_PORTS>
          <STANDARD_SCAN>1</STANDARD_SCAN>
        </UDP_PORTS>
        <ICMP>1</ICMP>
      </HOST_DISCOVERY>
      <PACKET_OPTIONS>
        <IGNORE_FIREWALL_GENERATED_TCP_RST>0</IGNORE_FIREWALL_GENERATED_TCP_RST>
        <IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>0</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
        <NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>0</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
      </PACKET_OPTIONS>
    </ADDITIONAL>
  </OPTION_PROFILE>
  <OPTION_PROFILE>
    <BASIC_INFO>
      <ID>31118</ID>
      <GROUP_NAME><![CDATA[pc 55]]></GROUP_NAME>
      <GROUP_TYPE>compliance</GROUP_TYPE>
      <USER_ID><![CDATA[John Smith (jsmith_ap)]]></USER_ID>
      <UNIT_ID>0</UNIT_ID>
      <SUBSCRIPTION_ID>10421401</SUBSCRIPTION_ID>
      <IS_GLOBAL>0</IS_GLOBAL>
      <UPDATE_DATE>2018-04-10T11:10:36Z</UPDATE_DATE>
    </BASIC_INFO>
    <SCAN>
      <PORTS>
        <TARGETED_SCAN>1</TARGETED_SCAN>
      </PORTS>
      <PERFORMANCE>
        <PARALLEL_SCALING>0</PARALLEL_SCALING>
        <OVERALL_PERFORMANCE>High</OVERALL_PERFORMANCE>
        <HOSTS_TO_SCAN>
          <EXTERNAL_SCANNERS>20</EXTERNAL_SCANNERS>
          <SCANNER_APPLIANCES>40</SCANNER_APPLIANCES>
        </HOSTS_TO_SCAN>
        <PROCESSES_TO_RUN>
          <TOTAL_PROCESSES>15</TOTAL_PROCESSES>
          <HTTP_PROCESSES>15</HTTP_PROCESSES>
        </PROCESSES_TO_RUN>
        <PACKET_DELAY>Short</PACKET_DELAY>
      </PERFORMANCE>
      <SCAN_RESTRICTION>
        <SCAN_BY_POLICY>
          <POLICY>
            <ID>10472</ID>
            <TITLE><![CDATA[jp]]></TITLE>
          </POLICY>
        </SCAN_BY_POLICY>
      </SCAN_RESTRICTION>
      <FILE_INTEGRITY_MONITORING>
        <AUTO_UPDATE_EXPECTED_VALUE>1</AUTO_UPDATE_EXPECTED_VALUE>
      </FILE_INTEGRITY_MONITORING>
    </SCAN>
    <ADDITIONAL>
      <HOST_DISCOVERY>
        <TCP_PORTS>
          <STANDARD_SCAN>1</STANDARD_SCAN>
          <TCP_ADDITIONAL>
            <HAS_ADDITIONAL>1</HAS_ADDITIONAL>
            <ADDITIONAL_PORTS>80,35</ADDITIONAL_PORTS>
          </TCP_ADDITIONAL>
        </TCP_PORTS>
        <UDP_PORTS>
          <STANDARD_SCAN>1</STANDARD_SCAN>
        </UDP_PORTS>
        <ICMP>1</ICMP>
      </HOST_DISCOVERY>
      <BLOCK_RESOURCES>
        <WATCHGUARD_DEFAULT_BLOCKED_PORTS>1</WATCHGUARD_DEFAULT_BLOCKED_PORTS>
        <ALL_REGISTERED_IPS>1</ALL_REGISTERED_IPS>
      </BLOCK_RESOURCES>
      <PACKET_OPTIONS>
        <IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
        <IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
        <NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>1</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
      </PACKET_OPTIONS>
    </ADDITIONAL>
  </OPTION_PROFILE>
  <OPTION_PROFILE>
    <BASIC_INFO>
      <ID>51481401</ID>
      <GROUP_NAME><![CDATA[pc op - 1]]></GROUP_NAME>
      <GROUP_TYPE>compliance</GROUP_TYPE>
      <USER_ID><![CDATA[John Smith (jsmith_ap)]]></USER_ID>
      <UNIT_ID>0</UNIT_ID>
      <SUBSCRIPTION_ID>10421401</SUBSCRIPTION_ID>
      <IS_GLOBAL>0</IS_GLOBAL>
      <UPDATE_DATE>2018-04-10T11:10:36Z</UPDATE_DATE>
    </BASIC_INFO>
    <SCAN>
      <PORTS>
        <TARGETED_SCAN>1</TARGETED_SCAN>
      </PORTS>
      <PERFORMANCE>
        <PARALLEL_SCALING>1</PARALLEL_SCALING>
        <OVERALL_PERFORMANCE>High</OVERALL_PERFORMANCE>
        <HOSTS_TO_SCAN>
          <EXTERNAL_SCANNERS>20</EXTERNAL_SCANNERS>
          <SCANNER_APPLIANCES>40</SCANNER_APPLIANCES>
        </HOSTS_TO_SCAN>
        <PROCESSES_TO_RUN>
          <TOTAL_PROCESSES>15</TOTAL_PROCESSES>
          <HTTP_PROCESSES>15</HTTP_PROCESSES>
        </PROCESSES_TO_RUN>
        <PACKET_DELAY>Short</PACKET_DELAY>
        <PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
      </PERFORMANCE>
      <SCAN_RESTRICTION>
        <SCAN_BY_POLICY>
          <POLICY>
            <ID>14487</ID>
            <TITLE><![CDATA[jp2]]></TITLE>
          </POLICY>
        </SCAN_BY_POLICY>
      </SCAN_RESTRICTION>
      <FILE_INTEGRITY_MONITORING>
        <AUTO_UPDATE_EXPECTED_VALUE>0</AUTO_UPDATE_EXPECTED_VALUE>
      </FILE_INTEGRITY_MONITORING>
    </SCAN>
    <ADDITIONAL>
      <HOST_DISCOVERY>
        <TCP_PORTS>
          <STANDARD_SCAN>1</STANDARD_SCAN>
          <TCP_ADDITIONAL>
            <HAS_ADDITIONAL>1</HAS_ADDITIONAL>
            <ADDITIONAL_PORTS>1</ADDITIONAL_PORTS>
          </TCP_ADDITIONAL>
        </TCP_PORTS>
        <UDP_PORTS>
          <STANDARD_SCAN>1</STANDARD_SCAN>
        </UDP_PORTS>
        <ICMP>1</ICMP>
      </HOST_DISCOVERY>
      <BLOCK_RESOURCES>
        <WATCHGUARD_DEFAULT_BLOCKED_PORTS>1</WATCHGUARD_DEFAULT_BLOCKED_PORTS>
        <ALL_REGISTERED_IPS>1</ALL_REGISTERED_IPS>
      </BLOCK_RESOURCES>
      <PACKET_OPTIONS>
        <IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
        <IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
        <NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>1</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
      </PACKET_OPTIONS>
    </ADDITIONAL>
  </OPTION_PROFILE>
  <OPTION_PROFILE>
    <BASIC_INFO>
      <ID>51491401</ID>
      <GROUP_NAME><![CDATA[pc op - 2]]></GROUP_NAME>
      <GROUP_TYPE>compliance</GROUP_TYPE>
      <USER_ID><![CDATA[John Smith (jsmith_ap)]]></USER_ID>
      <UNIT_ID>0</UNIT_ID>
      <SUBSCRIPTION_ID>10421401</SUBSCRIPTION_ID>
      <IS_GLOBAL>0</IS_GLOBAL>
      <UPDATE_DATE>2018-04-10T11:10:36Z</UPDATE_DATE>
    </BASIC_INFO>
    <SCAN>
      <PORTS>
        <STANDARD_SCAN>1</STANDARD_SCAN>
      </PORTS>
      <PERFORMANCE>
        <PARALLEL_SCALING>0</PARALLEL_SCALING>
        <OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
        <HOSTS_TO_SCAN>
          <EXTERNAL_SCANNERS>10</EXTERNAL_SCANNERS>
          <SCANNER_APPLIANCES>30</SCANNER_APPLIANCES>
        </HOSTS_TO_SCAN>
        <PROCESSES_TO_RUN>
          <TOTAL_PROCESSES>10</TOTAL_PROCESSES>
          <HTTP_PROCESSES>10</HTTP_PROCESSES>
        </PROCESSES_TO_RUN>
        <PACKET_DELAY>Medium</PACKET_DELAY>
        <PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
      </PERFORMANCE>
      <SCAN_RESTRICTION>
        <SCAN_BY_POLICY>
          <POLICY>
            <ID>14661401</ID>
            <TITLE><![CDATA[policy - 2]]></TITLE>
          </POLICY>
          <POLICY>
            <ID>14651401</ID>
            <TITLE><![CDATA[policy - 1]]></TITLE>
          </POLICY>
        </SCAN_BY_POLICY>
      </SCAN_RESTRICTION>
      <FILE_INTEGRITY_MONITORING>
        <AUTO_UPDATE_EXPECTED_VALUE>0</AUTO_UPDATE_EXPECTED_VALUE>
      </FILE_INTEGRITY_MONITORING>
    </SCAN>
    <ADDITIONAL>
      <HOST_DISCOVERY>
        <TCP_PORTS>
          <STANDARD_SCAN>1</STANDARD_SCAN>
        </TCP_PORTS>
        <UDP_PORTS>
          <CUSTOM_PORT><![CDATA[37,53,68,69,111]]></CUSTOM_PORT>
        </UDP_PORTS>
        <ICMP>1</ICMP>
      </HOST_DISCOVERY>
      <BLOCK_RESOURCES>
        <CUSTOM_PORT_LIST><![CDATA[111]]></CUSTOM_PORT_LIST>
        <CUSTOM_IP_LIST><![CDATA[10.10.10.6]]></CUSTOM_IP_LIST>
      </BLOCK_RESOURCES>
      <PACKET_OPTIONS>
        <IGNORE_FIREWALL_GENERATED_TCP_RST>0</IGNORE_FIREWALL_GENERATED_TCP_RST>
        <IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>0</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
        <NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>...</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
      </PACKET_OPTIONS>
    </ADDITIONAL>
  </OPTION_PROFILE>
</OPTION_PROFILES>


Sample - List Option Profile for Database UDCs


List the database preference key setting and its corresponding value in Option Profile for
MS SQL, Oracle, Sybase, PostgreSQL/Pivotal Greenplum, SAP IQ, and IBM DB2.


API request: 


curl -u "username:password" -H "X-Requested-With:curl" -H "Content-type: text/xml" -X POST \
  -d "action=list&id=1710150" \
  "https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pc/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
  <OPTION_PROFILE>
    <BASIC_INFO>
      <ID>1710150</ID>
...
        </SCAN_BY_POLICY>
      </SCAN_RESTRICTION>
      <DATABASE_PREFERENCE_KEY>
        <MSSQL>
          <DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION>
          <DB_UDC_LIMIT>250</DB_UDC_LIMIT>
        </MSSQL>
        <ORACLE>
          <DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION>
          <DB_UDC_LIMIT>10</DB_UDC_LIMIT>
        </ORACLE>
        <SYBASE>
          <DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION>
          <DB_UDC_LIMIT>60</DB_UDC_LIMIT>
        </SYBASE>
        <POSTGRESQL>
          <DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION>
          <DB_UDC_LIMIT>2500</DB_UDC_LIMIT>
        </POSTGRESQL>
        <DB2>
          <DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION>
          <DB_UDC_LIMIT>300</DB_UDC_LIMIT>
        </DB2>
      </DATABASE_PREFERENCE_KEY>
      <FILE_INTEGRITY_MONITORING>
        <AUTO_UPDATE_EXPECTED_VALUE>0</AUTO_UPDATE_EXPECTED_VALUE>
      </FILE_INTEGRITY_MONITORING>
    </SCAN>
...
    </ADDITIONAL>
  </OPTION_PROFILE>
</OPTION_PROFILES>


DTD 
<platform API server>/api/2.0/fo/subscription/option_profile/option_profile_info.dtd 
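

The following Python check is an added example, not part of the Qualys guide. It parses a list response shaped like the sample above and flags Database UDC settings whose restriction is not enabled or whose limit falls outside the maximum row counts stated earlier. The sample response is constructed, profile 9000001 is invented, and the SAPIQ element name is an assumption because the guide's sample shows no SAP IQ element.

```python
import xml.etree.ElementTree as ET

# Maximum rows per scan for each database type, as stated in this guide.
MAX_UDC_ROWS = {
    "MSSQL": 256,
    "ORACLE": 5000,
    "POSTGRESQL": 5000,
    "DB2": 5000,
    "SYBASE": 2500,
    # Assumption: tag name modelled on the other database elements; the
    # guide's sample output does not show a SAP IQ element.
    "SAPIQ": 10000,
}

# Constructed sample response. Profile 1710150 carries the values from the
# guide's sample; profile 9000001 is invented to trigger findings.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
  <OPTION_PROFILE>
    <BASIC_INFO><ID>1710150</ID></BASIC_INFO>
    <SCAN>
      <DATABASE_PREFERENCE_KEY>
        <MSSQL><DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION><DB_UDC_LIMIT>250</DB_UDC_LIMIT></MSSQL>
        <ORACLE><DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION><DB_UDC_LIMIT>10</DB_UDC_LIMIT></ORACLE>
        <SYBASE><DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION><DB_UDC_LIMIT>60</DB_UDC_LIMIT></SYBASE>
        <POSTGRESQL><DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION><DB_UDC_LIMIT>2500</DB_UDC_LIMIT></POSTGRESQL>
        <DB2><DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION><DB_UDC_LIMIT>300</DB_UDC_LIMIT></DB2>
      </DATABASE_PREFERENCE_KEY>
    </SCAN>
  </OPTION_PROFILE>
  <OPTION_PROFILE>
    <BASIC_INFO><ID>9000001</ID></BASIC_INFO>
    <SCAN>
      <DATABASE_PREFERENCE_KEY>
        <MSSQL><DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION><DB_UDC_LIMIT>300</DB_UDC_LIMIT></MSSQL>
        <ORACLE><DB_UDC_RESTRICTION>0</DB_UDC_RESTRICTION><DB_UDC_LIMIT>10</DB_UDC_LIMIT></ORACLE>
        <SYBASE><DB_UDC_RESTRICTION>1</DB_UDC_RESTRICTION><DB_UDC_LIMIT>2500</DB_UDC_LIMIT></SYBASE>
      </DATABASE_PREFERENCE_KEY>
    </SCAN>
  </OPTION_PROFILE>
</OPTION_PROFILES>
"""


def audit_udc_limits(xml_bytes):
    """Return a sorted list of (profile_id, database, issue) findings."""
    root = ET.fromstring(xml_bytes)
    findings = []
    for profile in root.iter("OPTION_PROFILE"):
        profile_id = (profile.findtext("BASIC_INFO/ID") or "?").strip()
        key = profile.find(".//DATABASE_PREFERENCE_KEY")
        if key is None:
            findings.append((profile_id, "*", "no DATABASE_PREFERENCE_KEY block"))
            continue
        for db in key:
            name = db.tag.upper()
            restriction = (db.findtext("DB_UDC_RESTRICTION") or "").strip()
            raw_limit = (db.findtext("DB_UDC_LIMIT") or "").strip()
            if restriction != "1":
                # Assumed meaning: no per-scan row cap is applied for this type.
                findings.append((profile_id, name, "row restriction not enabled"))
                continue
            try:
                limit = int(raw_limit)
            except ValueError:
                findings.append((profile_id, name, f"limit {raw_limit!r} is not an integer"))
                continue
            maximum = MAX_UDC_ROWS.get(name)
            if maximum is None:
                findings.append((profile_id, name, "unknown database type"))
            elif limit < 1 or limit > maximum:
                findings.append((profile_id, name, f"limit {limit} outside 1..{maximum}"))
    return sorted(findings)


if __name__ == "__main__":
    for profile_id, database, issue in audit_udc_limits(SAMPLE_RESPONSE):
        print(f"profile {profile_id}: {database}: {issue}")
```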


Delete Compliance Option Profile 
/api/2.0/fo/subscription/option_profile/pc/?action=delete 
[GET] [POST] 


Input Parameters 


Parameter Description 
action=delete (Required) 
id={value} (Required) The ID of the option profile. 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST \
  -d "action=delete&id=51491401" \
  "http://qualysapi.qualys.com/api/2.0/fo/subscription/option_profile/pc/"


XML output: 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-10T11:10:36Z</DATETIME>
    <TEXT>Option Profile Deleted Successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>51491401</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


KnowledgeBase
/api/2.0/fo/knowledge_base/vuln/?action=list 
[GET] [POST] 


Download a list of vulnerabilities from Qualys’ KnowledgeBase. Several input parameters 
grant users control over which vulnerabilities to download and the amount of detail to 
download, and the XML output provides a rich information source for each vulnerability. 


Qualys’ Software-as-a-Service (SaaS) technology includes its KnowledgeBase, with the
industry’s largest number of vulnerability signatures, that is continuously updated by
Qualys’ Research and Development team. Qualys is fully dedicated to providing the most
accurate security audits in the industry. Each day new and updated signatures are tested
in Qualys’ own vulnerability labs and then published, making them available to Qualys
customers. When Threat Protection is enabled for your subscription, the output will
include Real-Time Threat Indicators (RTIs) associated with vulnerabilities.


Authorized Qualys users have the ability to download vulnerability data using the 
KnowledgeBase API. Please contact Qualys Support or your sales representative if you 
would like to obtain authorization for your subscription. 


Permissions - Your subscription must be granted permission to run this API function. 
Please contact Qualys Support or your sales representative to receive this authorization. 


Role                                      Permissions

Manager, Unit Manager, Scanner, Reader    Download vulnerability data from the KnowledgeBase.

Auditor                                   No permission to download vulnerability data from the KnowledgeBase.


Input Parameters 


Several optional input parameters may be specified. When unspecified, the XML output
includes all vulnerabilities in the KnowledgeBase, showing basic details for each
vulnerability. Several optional parameters allow you to specify filters. When filter
parameters are specified, these parameters are ANDed by the service to filter the data
from the output.


Parameter Description

action=list (Required)

echo_request={0|1} (Optional) Show (echo) the request’s input parameters (names
and values) in the XML output. When unspecified, parameters
are not included in the XML output. Specify 1 to view parameters
in the XML output.

details={Basic|All|None} (Optional) Show the requested amount of information for each
vulnerability in the XML output. A valid value is: Basic (default),
All, or None. Basic includes basic elements plus CVSS Base and
Temporal scores. All includes all vulnerability details, including
the Basic details.

ids={value} (Optional) Used to filter the XML output to include only
vulnerabilities that have QID numbers matching the QID
numbers you specify.

id_min={value} (Optional) Used to filter the XML output to show only
vulnerabilities that have a QID number greater than or equal to
a QID number you specify.

id_max={value} (Optional) Used to filter the XML output to show only
vulnerabilities that have a QID number less than or equal to a
QID number you specify.

is_patchable={0|1} (Optional) Used to filter the XML output to show only
vulnerabilities that are patchable or not patchable. A
vulnerability is considered patchable when a patch exists for it.
When 1 is specified, only vulnerabilities that are patchable will
be included in the output. When 0 is specified, only
vulnerabilities that are not patchable will be included in the
output. When unspecified, patchable and unpatchable
vulnerabilities will be included in the output.

last_modified_after={date} (Optional) Used to filter the XML output to show only
vulnerabilities last modified after a certain date and time. When
specified vulnerabilities last modified by a user or by the service
will be shown. The date/time is specified in YYYY-MM-
DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_before={date} (Optional) Used to filter the XML output to show only
vulnerabilities last modified before a certain date and time.
When specified vulnerabilities last modified by a user or by the
service will be shown. The date/time is specified in YYYY-MM-
DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_user_after={date} (Optional) Used to filter the XML output to show only
vulnerabilities last modified by a user after a certain date and
time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ]
format (UTC/GMT).

last_modified_by_user_before={date} (Optional) Used to filter the XML output to show only
vulnerabilities last modified by a user before a certain date and
time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ]
format (UTC/GMT).

last_modified_by_service_after={date} (Optional) Used to filter the XML output to show only
vulnerabilities last modified by the service after a certain date
and time. The date/time is specified in YYYY-MM-
DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_service_before={date} (Optional) Used to filter the XML output to show only
vulnerabilities last modified by the service before a certain date
and time. The date/time is specified in YYYY-MM-
DD[THH:MM:SSZ] format (UTC/GMT).

published_after={date} (Optional) Used to filter the XML output to show only
vulnerabilities published after a certain date and time. The
date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format
(UTC/GMT).

published_before={date} (Optional) Used to filter the XML output to show only
vulnerabilities published before a certain date and time. The
date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format
(UTC/GMT).

discovery_method={value} (Optional) Used to filter the XML output to show only
vulnerabilities assigned a certain discovery method. A valid
value is: Remote, Authenticated, RemoteOnly,
AuthenticatedOnly, or RemoteAndAuthenticated.
When “Authenticated” is specified, the service shows
vulnerabilities that have at least one associated authentication
type. Vulnerabilities that have at least one authentication type
can be detected in two ways: 1) remotely without using
authentication, and 2) using authentication.

discovery_auth_types={value} (Optional) Used to filter the XML output to show only
vulnerabilities having one or more authentication types. A valid
value is: Windows, Oracle, Unix, SNMP, DB2, HTTP, PANOS,
TOMCAT, MARIADB, MongoDB, WEBLOGIC, MySQL, VMware.
Multiple values should be comma-separated.

show_pci_reasons={0|1} (Optional) Used to filter the XML output to show reasons for
passing or failing PCI compliance (when the CVSS Scoring
feature is turned on in the user's subscription). Specify 1 to view
the reasons in the XML output. When unspecified, the reasons
are not included in the XML output.

show_supported_modules_info={0|1} (Optional) Used to filter the XML output to show Qualys modules
that can be used to detect each vulnerability. Specify 1 to view
supported modules in the XML output. When unspecified,
supported modules are not included in the XML output.

show_disabled_flag={0|1} (Optional) Specify 1 to include the disabled flag for each
vulnerability in the XML output.

show_qid_change_log={0|1} (Optional) Specify 1 to include QID changes for each
vulnerability in the XML output.


Real-Time Threat Indicators (RTIs)


The KnowledgeBase list output includes Real-Time Threat Indicators (RTIs) associated
with each vulnerability. RTIs appear as part of vulnerability details under
THREAT_INTELLIGENCE. Please note that RTIs are only visible when Threat Protection is
enabled for the subscription.


Real-Time Threat Indicators are described below.


RTI (ID) Description

Zero_Day (1) Active attack has been observed in the wild and there is no patch
from the vendor. An active attack is a prerequisite for this RTI in
addition to no patch from the vendor. If a vulnerability is not
actively attacked this RTI will not be set (even if there is no patch
from the vendor). If a patch becomes available Qualys will
remove the Zero Day RTI attribute which helps users to focus
only on vulnerabilities that are actively exploited and there is no
official patch.

Exploit_Public (2) Exploit knowledge is well known and a working exploitation code
is publicly available. Potential of active attacks is very high. This
attribute is set for example when PoC exploit code is available
from Exploit-DB, Metasploit, Core, Immunity or other exploit
vendors. This RTI does not necessarily indicate that active attacks
have been observed in the wild.

Active_Attacks (3) Active attacks have been observed in the wild. This information is
derived from Malware, Exploit Kits, acknowledgment from
vendors, US-CERT and similar trusted sources. If there are no
patches, Qualys will mark it as Zero Day, in addition, to actively
attacked.

High_Lateral_Movement (4) After a successful compromise, the attacker has high potential to
compromise other machines in the network.

Easy_Exploit (5) The attack can be carried out easily and requires little skills or
does not require additional information.

High_Data_Loss (6) Successful exploitation will result in massive data loss on the
host.

Denial_of_Service (7) Successful exploitation will result in denial of service.

No_Patch (8) The vendor has not provided an official fix.

Malware (9) Malware has been associated with the vulnerability.

Exploit_Kit (10) Exploit Kit has been associated with this vulnerability. Exploit Kits
are usually cloud based toolkits that help malware writers in
identifying vulnerable browsers/plugins and install malware.
Users can also search on Exploit Kit name like Angler, Nuclear,
Rig and others.

Wormable (11) Wormable has been associated with this vulnerability. The
vulnerability can be used in “worms” - malware that spreads itself
without user interaction.

Predicted_High_Risk (12) Predicted High Risk has been associated with this vulnerability.
Qualys Machine Learning Model predicted this vulnerability as a
High Risk based on various data sources including NVD, Social
network, Dark web, Security Blogs, Code repository, Exploits, etc.

Privilege_Escalation (13) Successful exploitation allows an attacker to gain elevated
privileges.

Unauthenticated_Exploitation (14) Exploitation of this vulnerability does not require authentication.

Remote_Code_Execution (15) Successful exploitation allows an attacker to execute arbitrary
commands or code on a targeted system or in a target process.

Ransomware (16) This vulnerability has been exploited in attack vectors where
ransomware has been deployed. In other words, this vulnerability
is associated with known ransomware.

Solorigate_Sunburst (17) Solorigate Sunburst has been associated with all the CVEs, used
by FireEye's Red Team tools to test the security of their client
environments and compromised versions of SolarWinds Orion.

CISA Known Exploited Vulnerabilities (18) CISA maintains a catalog of the top publicly known
vulnerabilities being exploited in the wild and organizations
(referred as CISA Known Exploitable Vulnerabilities) are advised
to patch affected systems on priority. This RTI indicates that the
vulnerability is associated with the CISA catalog and with CVE
mappings to respective QIDs. We will add the CISA Known
Exploited Vulnerabilities to QIDs within 24hrs of CISA catalog
updates with new CVEs.

This CISA Directive recommends urgent and prioritized
remediation of the vulnerabilities that adversaries are actively
exploiting.

The timelines are available in CISA's Catalog for each of the CVEs.

Samples 


Sample 1 - Request all vulnerabilities in the KnowledgeBase showing basic details: 


curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt


Sample 2 - Request patchable vulnerabilities that have QIDs 1-200 showing all details: 


curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list&ids=1-200&is_patchable=1&details=All" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt




Sample 3 - Request vulnerabilities that were last modified by the service after July 20, 2011 
and that have the “remote and authenticated” discovery method: 


curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list&last_modified_by_service_after=2011-07-20&discovery_method=RemoteAndAuthenticated" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt


DTD


<platform API server>/api/2.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd


Editing Vulnerabilities 
/api/2.0/fo/knowledge_base/vuln/ 
[POST] 


Edit, reset and list the edited vulnerabilities in the Qualys Vulnerability KnowledgeBase. 


Permissions - Managers have permissions to edit vulnerabilities and make API requests to 
edit a vulnerability, reset a vulnerability and list customized vulnerabilities. 


Edit a vulnerability 


You can change the severity level and/or add comments to Threat, Impact or Solution. 
Providing at least one optional parameter is mandatory. 


Parameter Description 

action=edit (Required) POST method is required
qid={value} (Required) QID of the vulnerability to be edited.
severity={value} (Optional) Severity level between 1 to 5.


Changing the severity level of a vulnerability impacts how the 
vulnerability appears in reports and how it is eventually 
prioritized for remediation. 

For example, by changing a vulnerability from a severity 2 to a 
severity 5, remediation tickets for the vulnerability could have a 
higher priority and shorter deadline for resolution. 


disable={0|1} (Optional) Specify 1 to disable the vulnerability. Default is 0.
When you disable a vulnerability it is globally filtered out from 
all hosts in all scan reports. The vulnerability is also filtered from 
host information, asset search results and your dashboard. You 
may include disabled vulnerabilities in scan reports by changing 
report filter settings. 


threat_comment (Optional) Threat comments in plain text. 
impact_comment (Optional) Impact comments in plain text. 
solution_comment (Optional) Solution comments in plain text. 


Comments added for Threat, Impact, or Solution are appended to the service-provided 
descriptions in the vulnerability details. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST \
  -d "action=edit&impact_comment=testimpact&qid=27014" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2017-03-02T08:51:59Z</DATETIME>
    <TEXT>Custom Vuln Data has been updated successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>qid</KEY>
        <VALUE>27014</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Reset a vulnerability 
You can change the vulnerability settings back to original. 


Parameter Description 
action=reset (Required) POST method is required 
qid={value} (Required) QID of the vulnerability to be reset. 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST \
  -d "action=reset&qid=27014" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2017-03-02T08:55:11Z</DATETIME>
    <TEXT>Custom Vuln Data has been reset successfully</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>


List customized vulnerabilities 
You can list the vulnerabilities that are edited. 


Parameter Description 
action=custom (Required) GET or POST method can be used. 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST \
  -d "action=custom" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE KB_CUSTOM_VULN_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/kb_custom_vuln_list_output.dtd">
<KB_CUSTOM_VULN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-03-02T08:47:52Z</DATETIME>
    <CUSTOM_VULN_LIST>
      <CUSTOM_VULN_DATA>
        <QID>
          <![CDATA[27014]]>
        </QID>
        <SEVERITY_LEVEL>5</SEVERITY_LEVEL>
        <ORIGINAL_SEVERITY_LEVEL>5</ORIGINAL_SEVERITY_LEVEL>
        <IS_DISABLED>1</IS_DISABLED>
        <UPDATED_DATETIME>
          <![CDATA[2017-03-02T05:58:40Z]]>
        </UPDATED_DATETIME>
        <UPDATED_BY>
          <![CDATA[mr_md]]>
        </UPDATED_BY>
        <THREAT_COMMENT>
          <![CDATA[threat123]]>
        </THREAT_COMMENT>
        <IMPACT_COMMENT>
          <![CDATA[impact123]]>
        </IMPACT_COMMENT>
        <SOLUTION_COMMENT>
          <![CDATA[solution123]]>
        </SOLUTION_COMMENT>
      </CUSTOM_VULN_DATA>
    </CUSTOM_VULN_LIST>
  </RESPONSE>
</KB_CUSTOM_VULN_LIST_OUTPUT>


DTD 
<platform API server>/api/2.0/fo/knowledge_base/vuln/kb_custom_vuln_list_output.dtd 


Static Search Lists 
/api/2.0/fo/qid/search_list/static/ 

Create static search lists and get information about them. 
Permissions - as below. 


User Role                                Permissions
Manager, Unit Manager, Scanner, Reader   Create, update, list and delete search lists.
Auditor                                  No permission to create, update, list and delete search lists.


List static search lists 


Input parameters 


Parameter Description

action=list (Required)

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML
output.

ids={id1,id2...} (Optional) One or more search list IDs to display.
Multiple IDs are comma separated.


Sample - List static search list 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/static/?action=list&ids=381"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE STATIC_SEARCH_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/static/static_list_output.dtd">
<STATIC_SEARCH_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-06-06T06:20:03Z</DATETIME>
    <STATIC_LISTS>
      <STATIC_LIST>
        <ID>381</ID>
        <TITLE><![CDATA[static search list]]></TITLE>
        <GLOBAL>Yes</GLOBAL>
        <OWNER>acme_tb</OWNER>
        <CREATED><![CDATA[06/01/2018 at 15:18:42
(GMT+0530)]]></CREATED>
        <MODIFIED_BY>acme_tb</MODIFIED_BY>
        <MODIFIED><![CDATA[06/02/2018 at 15:18:42
(GMT+0530)]]></MODIFIED>
        <QIDS>
          <QID>1000</QID>
          <QID>1001</QID>
        </QIDS>
        <!-- This list is used in the following option profiles //-->
        <OPTION_PROFILES>
          <OPTION_PROFILE>
            <ID>135</ID>
            <TITLE><![CDATA[Initial Options]]></TITLE>
          </OPTION_PROFILE>
        </OPTION_PROFILES>
        <!-- This list is used in the following report templates //-->
        <REPORT_TEMPLATES>
          <REPORT_TEMPLATE>
            <ID>256</ID>
            <TITLE><![CDATA[Scan Report Template]]></TITLE>
          </REPORT_TEMPLATE>
        </REPORT_TEMPLATES>
        <!-- This list is used in the following remediation
policies. //-->
        <REMEDIATION_POLICIES>
          <REMEDIATION_POLICY>
            <ID>655</ID>
            <TITLE><![CDATA[Remediation Policy 1]]></TITLE>
          </REMEDIATION_POLICY>
        </REMEDIATION_POLICIES>
        <!-- This search list is associated with following
distribution groups. //-->
        <DISTRIBUTION_GROUPS>
          <DISTRIBUTION_GROUP>
            <NAME><![CDATA[All]]></NAME>
          </DISTRIBUTION_GROUP>
        </DISTRIBUTION_GROUPS>
        <COMMENTS><![CDATA[This is my first comment for this
list]]></COMMENTS>
      </STATIC_LIST>
    </STATIC_LISTS>
  </RESPONSE>
</STATIC_SEARCH_LIST_OUTPUT>


DTD
<platform API server>/api/2.0/fo/qid/search_list/static/static_list_output.dtd


Create static search lists


Input parameters


Parameter Description

action=create (Required)

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML output.

title={value} (Required) A user defined search list title. Maximum is 256
characters (ascii).

qids={num1,num2...} (Required) QIDs to include in the search list. Ranges are allowed.

global={0|1} (Optional) Specify 1 to make this a global search list, available to
all subscription users.

comments={value} (Optional) User defined comments.


Sample - Create search list 


API request: 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=create&title=My+Static+Search+List&qids=68518-68522,48000"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/static/"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>New search list created successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Update static search list 


Input parameters 


Parameter Description 
action=update (Required)

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML output.

id={id} (Required) The ID of the search list you want to update.

title={value} (Optional) The search list title. Maximum is 256 characters (ascii).

global={0|1} (Optional) Specify 1 to make this a global search list.

qids={num1,num2...} (Optional) QIDs/ranges to include in the search list. Multiple
entries are comma separated.
QIDs specified will replace all existing ones defined for the
search list, if any.
qids cannot be specified with add_qids or remove_qids in the
same request.

add_qids={num1,num2...} (Optional) QIDs/ranges you want to add to the existing ones
defined for the search list. When the same QIDs are passed using
add_qids and remove_qids in the same request, the QIDs are
added to the list.
add_qids cannot be specified with qids in the same request.

remove_qids={num1,num2...} (Optional) QIDs/ranges you want to remove from the existing ones
defined for the search list. When the same QIDs are passed using
add_qids and remove_qids in the same request, the QIDs are
added to the list.
remove_qids cannot be specified with qids in the same request.

comments={value} (Optional) User defined comments.


Sample - Update static search list 
API request:
curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=update&id=136992&global=1&qids=68518-68522,48000-48004"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/static/"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>Search list updated successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


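The update rules for static search lists (qids replaces the list, qids cannot be combined with add_qids or remove_qids, a QID passed in both add_qids and remove_qids is added) can be checked before a request is sent. The following is an added example, not code from the Qualys guide; the function names and the predicted QID set are assumptions of this sketch, and the prediction is a local model of the documented behaviour rather than server output.

```python
"""Pre-flight check for an 'update static search list' request (added example)."""
from urllib.parse import urlencode

MAX_TITLE = 256  # title limit stated in the parameter table (ASCII characters)


def parse_qids(spec):
    """Expand a QID list such as '68518-68522,48000' into a set of ints."""
    qids = set()
    for part in spec.split(","):
        part = part.strip()
        low, dash, high = part.partition("-")
        if not dash:
            high = low
        if not (low.isascii() and low.isdigit() and high.isascii() and high.isdigit()):
            raise ValueError(f"not a QID or QID range: {part!r}")
        if int(high) < int(low):
            raise ValueError(f"descending QID range: {part!r}")
        qids.update(range(int(low), int(high) + 1))
    return qids


def _compact(spec):
    """Drop whitespace so the value is sent as 'a-b,c' like the guide's samples."""
    return "".join(spec.split())


def build_update(list_id, current_qids, *, title=None, make_global=None,
                 qids=None, add_qids=None, remove_qids=None, comments=None):
    """Return (POST body, predicted QID set); raise ValueError on a rule violation.

    current_qids is the list's present content, e.g. taken from an action=list call.
    """
    if qids is not None and (add_qids is not None or remove_qids is not None):
        raise ValueError("qids cannot be specified with add_qids or remove_qids")
    if title is not None and (len(title) > MAX_TITLE or not title.isascii()):
        raise ValueError("title must be at most 256 ASCII characters")

    params = {"action": "update", "id": str(int(list_id))}
    if title is not None:
        params["title"] = title
    if make_global is not None:
        params["global"] = "1" if make_global else "0"

    predicted = set(current_qids)
    if qids is not None:
        predicted = parse_qids(qids)  # qids replaces every existing QID
        params["qids"] = _compact(qids)
    else:
        removed = parse_qids(remove_qids) if remove_qids is not None else set()
        added = parse_qids(add_qids) if add_qids is not None else set()
        # A QID named in both add_qids and remove_qids ends up in the list.
        predicted = (predicted - removed) | added
        if add_qids is not None:
            params["add_qids"] = _compact(add_qids)
        if remove_qids is not None:
            params["remove_qids"] = _compact(remove_qids)
    if comments is not None:
        params["comments"] = comments
    # Keep commas literal, as in the guide's samples; everything else is escaped.
    return urlencode(params, safe=","), predicted


if __name__ == "__main__":
    # Constructed input: the list currently holds two QIDs.
    body, after = build_update(136992, {68518, 48000},
                               add_qids="48001-48002,68518",
                               remove_qids="68518,48000")
    print(body)
    print(sorted(after))
```

Comparing the predicted set with the QIDS returned by a later action=list call shows whether an update changed scan or report scope in a way nobody intended.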


Delete static search list 


Input parameters 


Parameter Description 

action=delete (Required) 

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML output.
id={id} (Required) The ID of the search list you want to delete. 


Sample - Delete static search list 


API request: 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=delete&id=136992"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/static/"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>search list deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Dynamic Search Lists
/api/2.0/fo/qid/search_list/dynamic/ 

Create dynamic search lists and get information about them. 
Permissions - as described below 


User Role                                Permissions
Manager, Unit Manager, Scanner, Reader   Create, update, list and delete search lists.
Auditor                                  No permission to create, update, list and delete search lists.


List dynamic search lists 


Input parameters 


Parameter Description

action=list (Required)

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML output.

ids={id1,id2...} (Optional) One or more search list IDs to display. Multiple IDs are
comma separated.

show_qids={0|1} (Optional) Set to 0 to hide QIDs defined for each search list in the
XML output. By default these QIDs are shown.

show_option_profiles={0|1} (Optional) Set to 0 to hide option profiles associated with each
search list in the XML output. By default these option profiles are
shown.

show_distribution_groups={0|1} (Optional) Set to 0 to hide distribution groups associated with
each search list in the XML output. By default these distribution
groups are shown.

show_report_templates={0|1} (Optional) Set to 0 to hide report templates associated with each
search list in the XML output. By default these report templates
will be shown.

show_remediation_policies={0|1} (Optional) Set to 0 to hide remediation policies associated with
each search list in the XML output. By default these remediation
policies will be shown.


Sample - List dynamic search list 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/?action=list&ids=381"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DYNAMIC_SEARCH_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd">
<DYNAMIC_SEARCH_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2015-01-06T06:20:03Z</DATETIME>
    <DYNAMIC_LISTS>
      <DYNAMIC_LIST>
        <ID>381</ID>
        <TITLE><![CDATA[static search list]]></TITLE>
        <GLOBAL>Yes</GLOBAL>
        <OWNER>acme_tb</OWNER>
        <CREATED><![CDATA[07/27/2015 at 15:18:42
(GMT+0530)]]></CREATED>
        <MODIFIED_BY>acme_tb</MODIFIED_BY>
        <MODIFIED><![CDATA[07/27/2015 at 15:18:42
(GMT+0530)]]></MODIFIED>
        <QIDS>
          <QID>1000</QID>
          <QID>1001</QID>
        </QIDS>
        <CRITERIA>
          <VULNERABILITY_TITLE><![CDATA[NOT
Title]]></VULNERABILITY_TITLE>
          <DISCOVERY_METHOD><![CDATA[Authenticated
Only]]></DISCOVERY_METHOD>
          <AUTHENTICATION_TYPE><![CDATA[HTTP, Oracle,
Unix]]></AUTHENTICATION_TYPE>
          <USER_CONFIGURATION><![CDATA[Disabled,
Edited]]></USER_CONFIGURATION>
          <CATEGORY><![CDATA[NOT Backdoors and trojan horses, DNS
and BIND]]></CATEGORY>
          <CONFIRMED_SEVERITY><![CDATA[1,
2]]></CONFIRMED_SEVERITY>
          <POTENTIAL_SEVERITY><![CDATA[2,
3]]></POTENTIAL_SEVERITY>
          <INFORMATION_SEVERITY><![CDATA[4,
5]]></INFORMATION_SEVERITY>
          <VENDOR><![CDATA[NOT 2brightsparks, 3com, 4d]]></VENDOR>
          <PRODUCT><![CDATA[NOT .net_framework]]></PRODUCT>
          <CVSS_BASE_SCORE><![CDATA[2]]></CVSS_BASE_SCORE>
          <CVSS_TEMPORAL_SCORE><![CDATA[3]]></CVSS_TEMPORAL_SCORE>
          <CVSS_ACCESS_VECTOR><![CDATA[Adjacent
Network]]></CVSS_ACCESS_VECTOR>
          <PATCH_AVAILABLE><![CDATA[Yes,
No]]></PATCH_AVAILABLE>
          <VIRTUAL_PATCH_AVAILABLE><![CDATA[Yes]]></VIRTUAL_PATCH_AVAILABLE>
          <CVE_ID><![CDATA[NOT CVE]]></CVE_ID>
          <EXPLOITABILITY><![CDATA[ExploitKits, Immunity -
Dsquare]]></EXPLOITABILITY>
          <ASSOCIATED_MALWARE><![CDATA[Trend
Micro]]></ASSOCIATED_MALWARE>
          <VENDOR_REFERENCE><![CDATA[NOT
Linux]]></VENDOR_REFERENCE>
          <BUGTRAQ_ID><![CDATA[NOT 15656]]></BUGTRAQ_ID>
          <VULNERABILITY_DETAILS><![CDATA[details]]></VULNERABILITY_DETAILS>
          <COMPLIANCE_DETAILS><![CDATA[details]]></COMPLIANCE_DETAILS>
          <COMPLIANCE_TYPE><![CDATA[PCI, CobIT, HIPAA, GLBA,
SOX]]></COMPLIANCE_TYPE>
          <QUALYS_TOP_20><![CDATA[Top Internal 10, Top External
10]]></QUALYS_TOP_20>
          <OTHER><![CDATA[Not exploitable due to configuration,
Non-running services, 2008 SANS 20]]></OTHER>
          <NETWORK_ACCESS><![CDATA[NAC / NAM]]></NETWORK_ACCESS>
          <USER_MODIFIED><![CDATA[NOT 07/27/2015-
07/27/2015]]></USER_MODIFIED>
          <PUBLISHED><![CDATA[NOT 06/02/2015-
07/20/2015]]></PUBLISHED>
          <SERVICE_MODIFIED><![CDATA[NOT Previous 1
week]]></SERVICE_MODIFIED>
        </CRITERIA>
        <!-- This list is used in the following option profiles //-->
        <OPTION_PROFILES>
          <OPTION_PROFILE>
            <ID>135</ID>
            <TITLE><![CDATA[Initial Options]]></TITLE>
          </OPTION_PROFILE>
        </OPTION_PROFILES>
        <!-- This list is used in the following report templates
//-->
        <REPORT_TEMPLATES>
          <REPORT_TEMPLATE>
            <ID>256</ID>
            <TITLE><![CDATA[Scan Report Template]]></TITLE>
          </REPORT_TEMPLATE>
        </REPORT_TEMPLATES>
        <!-- This list is used in the following remediation
policies. //-->
        <REMEDIATION_POLICIES>
          <REMEDIATION_POLICY>
            <ID>655</ID>
            <TITLE><![CDATA[Remediation Policy 1]]></TITLE>
          </REMEDIATION_POLICY>
        </REMEDIATION_POLICIES>
        <!-- This search list is associated with following
distribution groups. //-->
        <DISTRIBUTION_GROUPS>
          <DISTRIBUTION_GROUP>
            <ID>226</ID>
            <TITLE><![CDATA[All]]></TITLE>
          </DISTRIBUTION_GROUP>
        </DISTRIBUTION_GROUPS>
        <COMMENTS><![CDATA[This is my first comment for this
list]]></COMMENTS>
      </DYNAMIC_LIST>
    </DYNAMIC_LISTS>
  </RESPONSE>
</DYNAMIC_SEARCH_LIST_OUTPUT>


DTD 
<platform API server>/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd 


Create dynamic search list 


Input parameters 


Parameter Description

action=create (Required)

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML output.

title={value} (Required) A user defined search list title. Maximum is 256
characters (ascii).

global={0|1} (Optional) Specify 1 to make this a global search list, available to
all subscription users.

comments={value} (Optional) User defined comments.

{criteria} (Required) User defined search criteria. See “Search criteria”


Search criteria 


Use these parameters to define search criteria for dynamic search lists, using create and 
update requests. All parameters act as vulnerability filters. 


Parameter Value

vuln_title={value} Vulnerability title (string); to unset value use
update request and set to empty value

not_vuln_title={0|1} Set to 1 for vulnerability title that does not match
vuln_title parameter value

discovery_methods={value} One or more discovery methods: Remote,
Authenticated, Remote_Authenticated; by default
all methods are included

auth_types={value} One or more of these authentication types:
Windows, Unix, Oracle, SNMP, VMware, DB2, HTTP,
MySQL, PANOS, TOMCAT, MARIADB, MongoDB,
WEBLOGIC; multiple values are comma separated;
to unset value use update request and set to empty
value

user_configuration={value} One or more of these user configuration values:
disabled, custom; multiple values are comma
separated; to unset value use update request and
set to empty value

categories={value} One or more vulnerability category names (strings);
to unset value use update request and set to empty
value

not_categories={0|1} Set to 1 for categories that do not match categories
parameter values

confirmed_severities={value} One or more confirmed vulnerability severities (1-5);
multiple severities are comma separated; to
unset value use update request and set to empty
value

potential_severities={value} One or more potential vulnerability severities (1-5);
multiple severities are comma separated; to unset
value use update request and set to empty value

ig_severities={value} One or more information gathered severities
(1-5); multiple severities are comma separated; to
unset value use update request and set to empty
value

vendor_ids={value} One or more vendor IDs; multiple IDs are comma
separated; to unset value use update request and
set to empty value

not_vendor_ids={0|1} Set to 1 for vendor IDs that do not match
vendor_ids parameter values

products={value} Vendor product names; multiple names are comma
separated; to unset value use update request and
set to empty value

not_products={0|1} Set to 1 for product names that do not match
products parameter values

patch_available={value} Vulnerabilities with patches: 0 (no), 1 (yes); by
default all vulnerabilities with and without patches
are included; multiple values are comma
separated; to unset value use update request and
set to empty value


virtual_patch_available={value} Vulnerabilities with Trend Micro virtual patches: 0
(no), 1 (yes); by default vulnerabilities with and
without these virtual patches are included;
multiple values are comma separated; to unset
value use update request and set to empty value

cve_ids={value} One or more CVE IDs; multiple IDs are comma
separated; to unset value use update request and
set to empty value

not_cve_ids={0|1} Set to 1 for CVE IDs that do not match cve_ids
parameter values

exploitability={value} One or more vendors with exploitability info;
multiple references are comma separated; to unset
value use update request and set to empty value

malware_associated={value} One or more vendors with malware info; multiple
references are comma separated; to unset value
use update request and set to empty value

vendor_refs={value} One or more vendor references; multiple vendors
are comma separated; to unset value use update
request and set to empty value

not_vendor_refs={0|1} Set to 1 for vendor references that do not match
vendor_refs parameter values

bugtraq_id={value} Vulnerabilities with a Bugtraq ID number; to unset
value use update request and set to empty value

not_bugtraq_id={0|1} Set to 1 for vulnerabilities with Bugtraq IDs that do
not match the bugtraq_id parameter value

vuln_details={value} A string matching vulnerability details; to unset
value use update request and set to empty value

compliance_details={value} A string matching compliance details; to unset
value use update request and set to empty value

supported_modules={value} One or more of these Qualys modules: VM,
CA-Windows Agent, CA-Linux Agent, WAS, WAF, MD;
multiple values are comma separated; to unset
value use update request and set to empty value

compliance_types={value} One or more compliance types: PCI, CobiT, HIPAA,
GLBA, SOX; multiple values are comma separated;
to unset value use update request and set to empty
value

qualys_top_lists={value} One or more Qualys top lists: Internal_10,
External_10; multiple values are comma
separated; to unset value use update request and
set to empty value

cpe={value} (Optional) One or more CPE values: Operating
System, Application, Hardware, None; multiple
values are comma separated.


qids_not_exploitable={0|1} Set to 1 for vulnerabilities that are not exploitable
due to configuration.

non_running_services={0|1} Set to 1 for vulnerabilities on non running services.

sans_20={0|1} Set to 1 for vulnerabilities in 2008 SANS 20 list

nac_nam={0|1} Set to 1 for NAC/NAM vulnerabilities

vuln_provider={value} Provider of the vulnerability if not Qualys; valid
value is iDefense

cvss_base={value} CVSS base score value (matches greater than or
equal to this value); to unset value use update
request and set to empty value

cvss_temp={value} CVSS temporal score value (matches greater than
or equal to this value); to unset value use update
request and set to empty value

cvss_access_vector={value} CVSS access vector, one of: Undefined, Local,
Adjacent_Network, Network; to unset value use
update request and set to empty value

cvss_base_operand={value} Set the value to 1 to use the greater than or equal to
operand. Set the value to 2 to use the less than
operand.
You must always specify the "cvss_base" parameter
along with the "cvss_base_operand" parameter in
the API request.

cvss_temp_operand={value} Set the value to 1 to use the greater than or equal to
operand. Set the value to 2 to use the less than
operand.
You must always specify the "cvss_temp"
parameter along with the "cvss_temp_operand"
parameter in the API request.

cvss3_base={value} CVSS3 base score value assigned to the CVEs by
NIST (matches greater than, less than, or equal to
this value); to unset value use update request and
set to empty value.

cvss3_temp={value} CVSS3 temporal score value assigned to the CVEs
by NIST (matches greater than, less than, or equal
to this value); to unset value use update request
and set to empty value.


cvss3_base_operand={value} Set the value to 1 to use the greater than or equal to
operand. Set the value to 2 to use the less than
operand. You must always specify the "cvss3_base"
parameter along with the "cvss3_base_operand"
parameter in the API request.

cvss3_temp_operand={value} Set the value to 1 to use the greater than or equal to
operand. Set the value to 2 to use the less than
operand. You must always specify the "cvss3_temp"
parameter along with the "cvss3_temp_operand"
parameter in the API request.


User modified filters 


The user_modified* parameters are mutually exclusive; only one of these can be passed
per request.


Parameter Value

user_modified_date_between={value} date range in format (mm/dd/yyyy-mm/dd/yyyy)

user_modified_date_today={0|1} set to 1 for modified by user today; set to 0 for not
modified by user today

user_modified_date_in_previous={value} one of: Year, Month, Week, Quarter

user_modified_date_within_last_days={value} number of days: 1-9999

not_user_modified={0|1} set to 1 to set the “not” flag for one of the
user_modified* parameters


Service modified filters 


These parameters are mutually exclusive; only one of these can be passed per request.


Parameter Value

service_modified_date_between={value} date range in format (mm/dd/yyyy-mm/dd/yyyy)

service_modified_date_today={0|1} set to 1 for modified by our service today; set to 0 for
not modified by our service today

service_modified_date_in_previous={value} one of: Year, Month, Week, Quarter

service_modified_date_within_last_days={value} number of days: 1-9999

not_service_modified={0|1} set to 1 to set the “not” flag for one of the
service_modified* parameters


Published filters
These parameters are mutually exclusive; only one of these can be passed per request.


Parameter Value

published_date_between={value} date range in format (mm/dd/yyyy-mm/dd/yyyy)

published_date_today={0|1} set to 1 for published today; set to 0 for not
published today

published_date_in_previous={value} one of: Year, Month, Week, Quarter

published_date_within_last_days={value} number of days: 1-9999

not_published={0|1} set to 1 to set the “not” flag for one of the published*
parameters


Sample - Create dynamic search list 


API request: 
curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=create&title=My+Dynamic+Search+List&global=1&published_date_within_last_days=7&patch_available=1"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>New search list created successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
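The search criteria tables above carry several rules that are easy to break when criteria are assembled by a script: each date filter family allows one parameter per request, and every CVSS operand must travel with its score parameter. The following is an added example, not code from the Qualys guide; the function names are assumptions of this sketch, and it checks create requests only (empty values used to unset criteria in update requests are out of scope).

```python
"""Pre-flight checks for dynamic search list criteria (added example)."""
import re
from datetime import datetime
from urllib.parse import urlencode

DATE_RANGE = re.compile(r"(\d{2}/\d{2}/\d{4})-(\d{2}/\d{2}/\d{4})")
PERIODS = {"Year", "Month", "Week", "Quarter"}
DATE_FAMILIES = ("user_modified", "service_modified", "published")
DATE_KINDS = ("date_between", "date_today", "date_in_previous",
              "date_within_last_days")
OPERAND_FOR = {  # operand parameter -> score parameter it must accompany
    "cvss_base_operand": "cvss_base",
    "cvss_temp_operand": "cvss_temp",
    "cvss3_base_operand": "cvss3_base",
    "cvss3_temp_operand": "cvss3_temp",
}


def _date_value_ok(kind, value):
    """Check one date filter value against the format given in the tables."""
    value = str(value)
    if kind == "date_between":  # mm/dd/yyyy-mm/dd/yyyy, real calendar dates
        match = DATE_RANGE.fullmatch(value)
        if not match:
            return False
        try:
            for part in match.groups():
                datetime.strptime(part, "%m/%d/%Y")
        except ValueError:
            return False
        return True
    if kind == "date_today":
        return value in {"0", "1"}
    if kind == "date_in_previous":
        return value in PERIODS
    # date_within_last_days: number of days, 1-9999
    return value.isascii() and value.isdigit() and 1 <= int(value) <= 9999


def check_criteria(criteria):
    """Return a list of rule violations; an empty list means the criteria pass."""
    errors = []
    for family in DATE_FAMILIES:
        used = [(kind, f"{family}_{kind}") for kind in DATE_KINDS
                if f"{family}_{kind}" in criteria]
        if len(used) > 1:
            names = ", ".join(name for _, name in used)
            errors.append(f"{family}_* filters are mutually exclusive: {names}")
        for kind, name in used:
            if not _date_value_ok(kind, criteria[name]):
                errors.append(f"{name}: invalid value {criteria[name]!r}")
    for operand, score in OPERAND_FOR.items():
        if operand not in criteria:
            continue
        if str(criteria[operand]) not in {"1", "2"}:
            errors.append(f"{operand} must be 1 (>=) or 2 (<)")
        if score not in criteria:
            errors.append(f"{operand} requires {score} in the same request")
    return errors


def build_create_body(title, criteria):
    """Return the urlencoded POST body, or raise ValueError listing violations."""
    errors = check_criteria(criteria)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode({"action": "create", "title": title, **criteria})


if __name__ == "__main__":
    # Same parameters as the create sample above.
    print(build_create_body("My Dynamic Search List",
                            {"global": 1, "published_date_within_last_days": 7,
                             "patch_available": 1}))
    # Constructed bad input: two published_* filters and an operand without a score.
    print(check_criteria({"published_date_within_last_days": 7,
                          "published_date_today": 1, "cvss_base_operand": 2}))
```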


Sample - Create dynamic search list, CVSS scores 


API request:


Request for CVSS2 base scores greater than or equal to 3, CVSS2 temporal scores less than
2, CVSS3 base scores greater than or equal to 2, and CVSS3 temporal scores less than 2.


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" -d
"action=create&title=mytest_DL313&cvss_base=3&cvss_base_operand=1&cvss_temp=2&cvss_temp_operand=2&cvss3_base=2&cvss3_base_operand=1&cvss3_temp=2&cvss3_temp_operand=2"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"


Update dynamic search list 


Input parameters


Parameter Description

action=update (Required)

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML output.

id={id} (Required) The ID of the search list you want to update.

title={value} (Optional) The search list title. Maximum is 256 characters
(ascii).

global={0|1} (Optional) Specify 1 to make this a global search list.

comments={value} (Optional) User defined comments.

{criteria} (Optional) See “Search criteria”
Only criteria specified in an update request will overwrite
existing criteria, if any. For example, if a search list has
confirmed_severities=3,4 and you make an update request with
confirmed_severities=5, the search list will be updated to
confirmed_severities=5.

unset_user_modified_date={value} (Optional) Set to empty value to unset the user modified date in
the search list parameters.

unset_published_date={value} (Optional) Set to empty value to unset the published date in the
search list parameters.

unset_service_modified_date={value} (Optional) Set to empty value to unset the service modified date
in the search list parameters.


Sample - Update dynamic search list 


API request:
curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=update&id=136992"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>Search list updated successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Delete dynamic search list 


Input parameters


Parameter Description

action=delete (Required)

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML output.

id={id} (Required) The ID of the search list you want to delete.


Sample - Delete dynamic search list 


API request:
curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=delete&id=123456"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>search list deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>123456</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Vendor IDs and References
/api/2.0/fo/vendor/?action=list_vendors 


/api/2.0/fo/vendor/?action=list_vendor_references 


List vendor IDs and names. This vendor information may be defined as part of dynamic 
search list query criteria. 


Permissions - All users except Auditors have permission to run this API. 


Input Parameters 


Parameter Description

action={value} (Required) Set to “list_vendors” to list vendor IDs and names. Set
to “list_vendor_references” to list vendor references for QIDs.

echo_request={0|1} (Optional) Specify 1 to show input parameters in XML output.

ids={id1,id2,...} (Optional for action=list)
One or more vendor IDs to list those vendors only.

qids={id1,id2,...} (Optional for action=list_vendor_references)
One or more QIDs to list vendor references for those QIDs only.


Sample - List vendor IDs and names 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl"
"https://qualysapi.qualys.com/api/2.0/fo/vendor/?action=list_vendors&ids=458,1967"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE VENDOR_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/vendor/vendor_list_output.dtd">
<VENDOR_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2015-09-02T09:23:52Z</DATETIME>
    <VENDORS>
      <VENDOR>
        <ID>458</ID>
        <NAME>
          <![CDATA[3com]]>
        </NAME>
      </VENDOR>
      <VENDOR>
        <ID>1967</ID>
        <NAME>
          <![CDATA[2glux]]>
        </NAME>
      </VENDOR>
    </VENDORS>
  </RESPONSE>
</VENDOR_LIST_OUTPUT>


DTD
<!-- QUALYS VENDOR_LIST_OUTPUT DTD -->
<!ELEMENT VENDOR_LIST_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?,
POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, VENDORS?)>
<!ELEMENT VENDORS (VENDOR+)>
<!ELEMENT VENDOR (ID, NAME)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT NAME (#PCDATA)>
<!-- EOF -->


Sample - List vendor references for qids 
API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl"
"https://qualysapi.qualys.com/api/2.0/fo/vendor/?action=list_vendor_references"


XML response:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE VENDOR_REFERENCE_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/vendor/vendor_reference_list_output.dtd">
<VENDOR_REFERENCE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2015-09-02T09:27:34Z</DATETIME>
    <VENDOR_REFERENCES>
      <VENDOR_REFERENCE>
        <QID>195464</QID>
        <REFERENCE_INFO>
          <REFERENCE>
            <![CDATA[USN-2186-1]]>
          </REFERENCE>
          <URL>
            <![CDATA[https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-April/002483.html]]>
          </URL>
        </REFERENCE_INFO>
      </VENDOR_REFERENCE>
      <VENDOR_REFERENCE>
        <QID>...</QID>
        <REFERENCE_INFO>
          <REFERENCE>
            <![CDATA[RHSA-2008-0508]]>
          </REFERENCE>
          <URL>
            <![CDATA[http://rhn.redhat.com/errata/RHSA-2008-0508.html]]>
          </URL>
        </REFERENCE_INFO>
        <REFERENCE_INFO>
          <REFERENCE>
            <![CDATA[RHSA-2008-0519]]>
          </REFERENCE>
          <URL>
            <![CDATA[http://rhn.redhat.com/errata/RHSA-2008-0519.html]]>
          </URL>
        </REFERENCE_INFO>
      </VENDOR_REFERENCE>
    </VENDOR_REFERENCES>
  </RESPONSE>
</VENDOR_REFERENCE_LIST_OUTPUT>


DTD
<platform API server>/api/2.0/fo/vendor/vendor_reference_list_output.dtd


Scan Authentication


Create, edit, list and delete authentication records for authenticated (trusted) scanning of
various technologies (e.g. Windows, Unix, Docker, Oracle).


Permissions
User Permissions Summary

List Auth Records
List Authentication Records
List Authentication Records by Type

Auth Record types
Application Server Records - Apache, MS IIS, IBM WebSphere, Tomcat
Azure MS SQL Record
Docker Record
HTTP Record
IBM DB2 Record
InformixDB Record
JBoss Server record
Kubernetes Record
MariaDB Record
MongoDB Record
MS SQL Record
MySQL Record
Neo4j Record
Nginx Record
Oracle Record
Oracle Listener Record
Oracle WebLogic Server Record
Palo Alto Firewall Record
PostgreSQL Record
SAP Hana Record
SAP IQ Record
SNMP Record
Sybase Record
Unix Record
VMware Record
Windows Record
MS Exchange Server
Oracle HTTP Server Record
vCenter - ESXi Mapping Records
Network SSH Record
User Permissions Summary


A summary is provided below. For complete details, see “Managing Authentication
Records” in Qualys online help.


Maximum Records per request


A maximum of 1,000 authentication records can be processed per request. If the
requested list identifies more than 1,000 authentication records, then the XML output
includes the <WARNING> element and instructions for making another request for the
next batch of records.


View Record List

User Role                  Permissions
Manager                    View all authentication records in subscription.
Unit Manager               View authentication records which contain hosts in the
                           user’s business unit.
Scanner                    View authentication records which contain hosts in the
                           user's assigned asset groups.
Auditor, Reader            No permissions.


Create Record

User Role                  Permissions
Manager                    Create authentication records for hosts in the subscription.
Unit Manager               Create authentication records for hosts in the user’s
                           business unit. The permission “create/edit authentication
                           records” must be granted in the user’s account.
Auditor, Scanner, Reader   No permissions.


Update/Delete Record

User Role                  Permissions
Manager                    Update and delete authentication records.
Unit Manager               Update and delete authentication records. The permission
                           “create/edit authentication records/vaults” must be
                           granted in the user’s account. To edit a record, at least one
                           host in the record must be in the user’s business unit. To
                           delete a record, all hosts in the record must also be in the
                           user’s business unit.
Auditor, Scanner, Reader   No permissions.




List Authentication Records 
/api/2.0/fo/auth/?action=list 
[GET] [POST] 


List all authentication records visible to the user for all technologies (i.e. Windows, Unix, 
Docker, etc). 


A maximum of 1,000 authentication records can be processed per request. If the 
requested list identifies more than 1,000 authentication records, then the XML output 
includes the <WARNING> element and instructions for making another request for the 
next batch of records. 


Input Parameters 


Parameter Description 
action=list (Required) 
echo_request={0|1} (Optional) Show (echo) the request’s input parameters
(names and values) in the XML output. When not specified,
parameters are not included in the XML output. Specify 1
to view parameters in the XML output.


title={value} (Optional) Show only authentication records which have a 
certain string in the record title. 


comments={value} (Optional) Show only authentication records which have a 
certain string in the record comments. 


ids={value} (Optional) Show only authentication records with certain 
IDs and/or ID ranges. Multiple entries are comma 
separated. One or more IDs/ranges may be specified. An ID 
range entry is specified with a hyphen (for example, 3000- 
3250). Valid IDs are required. 


id_min={value} (Optional) Show only authentication records which have a 
minimum ID value. A valid ID is required. 


id_max={value} (Optional) Show only authentication records which have a 
maximum ID value. A valid ID is required. 


DTD for list records 
<platform API server>/api/2.0/fo/auth/auth_records.dtd 
Sample - List authentication records, multiple technologies


<AUTH_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-05-21T13:32:17Z</DATETIME>
    <AUTH_RECORDS>
      <AUTH_UNIX_RECORDS>
        <ID_SET>
          <ID_RANGE>17-41</ID_RANGE>
          <ID_RANGE>62-119</ID_RANGE>
        </ID_SET>
      </AUTH_UNIX_RECORDS>
      <AUTH_WINDOWS_RECORDS>
        <ID_SET>
          <ID_RANGE>1-6</ID_RANGE>
        </ID_SET>
      </AUTH_WINDOWS_RECORDS>
      <AUTH_ORACLE_RECORDS>
        <ID_SET>
          <ID>7</ID>
        </ID_SET>
      </AUTH_ORACLE_RECORDS>
      <AUTH_SNMP_RECORDS>
        <ID_SET>
          <ID>4114</ID>
          <ID_RANGE>4117-4121</ID_RANGE>
        </ID_SET>
      </AUTH_SNMP_RECORDS>
      <AUTH_IBM_DB2_RECORDS>
        <ID_SET>
          <ID>6</ID>
        </ID_SET>
      </AUTH_IBM_DB2_RECORDS>
    </AUTH_RECORDS>
  </RESPONSE>
</AUTH_LIST_OUTPUT>
List Authentication Records by Type
/api/2.0/fo/auth/<type>
[GET] [POST]


List authentication records visible to the user for a specific technology (i.e. Unix, Windows,
Docker, Sybase etc).


<type> will be a supported technology like: docker, http, ibm_db2, mongodb,
ms_exchange, ms_sql, mysql, oracle, oracle_listener, oracle_weblogic, palo_alto_firewall,
postgresql, snmp, sybase, unix (for Unix, Cisco, Checkpoint Firewall), network_ssh,
vmware, windows. For application servers: apache, ms_iis, ibm_websphere, tomcat.


A maximum of 1,000 authentication records can be processed per request. If the 
requested list identifies more than 1,000 authentication records, then the XML output 
includes the <WARNING> element and instructions for making another request for the 
next batch of records. 


Input Parameters 


Parameter Description
action=list (Required)
echo_request={0|1} (Optional) Show (echo) the request’s input parameters
(names and values) in the XML output. When not specified,
parameters are not included in the XML output. Specify 1
to view parameters in the XML output.


title={value} (Optional) Show only authentication records which have a
certain string in the record title.


comments={value} (Optional) Show only authentication records which have a
certain string in the record comments.


details={Basic|All|None} (Optional) Show the requested amount of information for
each authentication record. A valid value is:
None - show record ID only
Basic (default) - show record ID and all authentication
record attributes
All - show record ID and all authentication record
attributes and a glossary section with the user name and
login for each record owner


ids={value} (Optional) Show only authentication records with certain
IDs and/or ID ranges. Multiple entries are comma
separated. One or more IDs/ranges may be specified. An ID
range entry is specified with a hyphen (for example,
3000-3250). Valid IDs are required.


id_min={value} (Optional) Show only authentication records which have a
minimum ID value. A valid ID is required.


id_max={value} (Optional) Show only authentication records which have a
maximum ID value. A valid ID is required.


Oracle Records 


template_auth_id={value} (Optional) Specify the template ID for an Oracle system 
record template to only show Oracle records associated 
with the specified template. 


template_auth_name={value} (Optional) Specify the template name for an Oracle system
record template to only show Oracle records associated
with the specified template.


is_template={0|1} (Optional) By default, template records and regular Oracle 
records are listed. Set to 0 to list only regular Oracle 
records or set to 1 to list only Oracle system record 
templates. 


status={0|1} (Optional) By default, active and inactive auth records are 
listed. Set to 0 to list only inactive records or set to 1 to list 
only active records. 


is_system_created={0|1} (Optional) By default, user created records and system 
created auth records are listed. Set to 0 to list only user 
created records or set to 1 to list only system created 
records. 


DTD for list record type 
<platform API server>/api/2.0/fo/auth/<type>/ 


where <type> is the authentication record type, such as unix, windows, oracle, etc. 


Sample - List Unix and Cisco records


<AUTH_UNIX_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-05-21T13:32:17Z</DATETIME>
    <AUTH_UNIX_LIST>
      <AUTH_UNIX>
        <ID>678</ID>
        <TITLE><![CDATA[My Ubuntu credentials]]></TITLE>
        <USERNAME><![CDATA[bumbler]]></USERNAME>
        <ROOT_TOOL>Sudo</ROOT_TOOL>
        <CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
        <IP_SET>
          <IP_RANGE>10.10.10.168-10.10.10.195</IP_RANGE>
        </IP_SET>
        <CREATED>
          <DATETIME>2017-04-20T01:01:01</DATETIME>
          <BY>quays_es11</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2017-04-20T01:01:01</DATETIME>
          <BY>quays_es11</BY>
        </LAST_MODIFIED>
        <COMMENTS><![CDATA[Development lab]]></COMMENTS>
      </AUTH_UNIX>
    </AUTH_UNIX_LIST>
    <WARNING_LIST>
      <WARNING>
        <CODE>1980</CODE>
        <TEXT>1000 record limit exceeded. Use URL to get next batch of records.</TEXT>
        <URL><![CDATA[https://qualysapi.qualys.com/api/2.0/fo/auth/?action=list&id_min=3457]]></URL>
      </WARNING>
    </WARNING_LIST>
    <GLOSSARY>
      <USER_LIST>
        <USER>
          <USER_LOGIN>quays_es11</USER_LOGIN>
          <FIRST_NAME>Ernie</FIRST_NAME>
          <LAST_NAME>Smith</LAST_NAME>
        </USER>
      </USER_LIST>
    </GLOSSARY>
  </RESPONSE>
</AUTH_UNIX_LIST_OUTPUT>
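The 1,000-record limit means a client has to follow the URL in the <WARNING> element, and because that request carries the account's credentials, the URL should be checked before it is used. The sketch below is an added example, not code from the Qualys guide: it expands <ID_SET> entries and accepts a next-batch URL only if it is https, on the expected API server and under /api/2.0/fo/auth/. The function names, the constructed sample and the placement of WARNING_LIST inside RESPONSE for the multi-technology list (taken from the Unix sample) are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

API_HOST = "qualysapi.qualys.com"   # API server used in the guide's samples
AUTH_PATH = "/api/2.0/fo/auth/"

# Constructed response modelled on the samples above (not real account data).
SAMPLE = """<AUTH_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-05-21T13:32:17Z</DATETIME>
    <AUTH_RECORDS>
      <AUTH_WINDOWS_RECORDS>
        <ID_SET><ID_RANGE>1-6</ID_RANGE></ID_SET>
      </AUTH_WINDOWS_RECORDS>
      <AUTH_SNMP_RECORDS>
        <ID_SET><ID>4114</ID><ID_RANGE>4117-4121</ID_RANGE></ID_SET>
      </AUTH_SNMP_RECORDS>
    </AUTH_RECORDS>
    <WARNING_LIST>
      <WARNING>
        <CODE>1980</CODE>
        <TEXT>1000 record limit exceeded. Use URL to get next batch of records.</TEXT>
        <URL><![CDATA[https://qualysapi.qualys.com/api/2.0/fo/auth/?action=list&id_min=3457]]></URL>
      </WARNING>
    </WARNING_LIST>
  </RESPONSE>
</AUTH_LIST_OUTPUT>"""


def expand_id_set(id_set):
    """Turn the <ID> and <ID_RANGE> children of an <ID_SET> into a sorted ID list."""
    ids = set()
    for child in id_set:
        text = (child.text or "").strip()
        if child.tag == "ID":
            ids.add(int(text))
        elif child.tag == "ID_RANGE":
            low, high = (int(part) for part in text.split("-", 1))
            if low > high:
                raise ValueError(f"reversed ID range: {text}")
            ids.update(range(low, high + 1))
    return sorted(ids)


def validate_next_url(url, api_host=API_HOST):
    """Accept a next-batch URL only if credentials may safely be sent to it."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("next-batch URL is not https")
    if parts.username is not None or parts.hostname != api_host:
        raise ValueError("next-batch URL points at a different host")
    if not parts.path.startswith(AUTH_PATH):
        raise ValueError("next-batch URL is outside the auth API")
    return url


def parse_auth_list(xml_text):
    """Return ({record group tag: [ids]}, validated next-batch URL or None)."""
    if "<!ENTITY" in xml_text:
        raise ValueError("entity declarations are not expected in API output")
    root = ET.fromstring(xml_text)
    records = {}
    for group in root.findall("./RESPONSE/AUTH_RECORDS/*"):
        id_set = group.find("ID_SET")
        records[group.tag] = [] if id_set is None else expand_id_set(id_set)
    next_url = None
    for warning in root.findall("./RESPONSE/WARNING_LIST/WARNING"):
        # 1980 is the warning code shown in the Unix sample above.
        if (warning.findtext("CODE") or "").strip() == "1980":
            next_url = validate_next_url((warning.findtext("URL") or "").strip())
    return records, next_url


def next_id_min(next_url):
    """Read the id_min value the server asks for in the next request."""
    return int(parse_qs(urlsplit(next_url).query)["id_min"][0])


if __name__ == "__main__":
    found, following = parse_auth_list(SAMPLE)
    print(found, following)
```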


Sample list Oracle record 


This sample shows details for a single Oracle record specified by ID. The XML output 
identifies whether the record is system created, is active and is a template. In this 
example, the record listed is not system created. It is active and it is a template record. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d
"action=list&ids=2237956"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_ORACLE_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle/auth_oracle_list_output.dtd">
<AUTH_ORACLE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2020-04-23T18:44:27Z</DATETIME>
    <AUTH_ORACLE_LIST>
      <AUTH_ORACLE>
        <ID>2237956</ID>
        <TITLE><![CDATA[OracleRecordTemplate]]></TITLE>
        <USERNAME><![CDATA[OracleUser]]></USERNAME>
        <CREATED>
          <DATETIME>2020-04-23T18:43:59Z</DATETIME>
          <BY>rey ptl1l</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2020-04-23T18:43:59Z</DATETIME>
        </LAST_MODIFIED>
        <IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
        <IS_ACTIVE>1</IS_ACTIVE>
        <IS_TEMPLATE>1</IS_TEMPLATE>
        <COMMENTS><![CDATA[my comments]]></COMMENTS>
      </AUTH_ORACLE>
    </AUTH_ORACLE_LIST>
  </RESPONSE>
</AUTH_ORACLE_LIST_OUTPUT>
Application Server Records
/api/2.0/fo/auth/{web app server}/ 


where {web app server} is one of apache, ms_iis, ibm_websphere, tomcat 


[POST] 


Create, update, list and delete application server records for authenticated scans of web 
application servers. Application Server records are used to authenticate to various web 
app servers. 


Instance discovery and auto record creation is supported for Apache Web Server, IBM 
WebSphere, JBoss, Tomcat and Oracle. Learn more about instance discovery and auto 
record creation in online help (log in to your Qualys account, go to Help > Online Help and 
search for System Authentication Records). 


Supported servers 


API URL (/api/2.0/fo...) Supported Versions


/auth/apache/
- Apache HTTP Server 2.2 and 2.4
- IBM HTTP Server 7.x, 8.x and 9.x
- VMware vFabric Web Server 5.x
- Pivotal Web Server 6.x
Compliance scans are supported (using PC)


/auth/ms_iis/
MS IIS 6.0, 7.x, 8.x and 10 for Windows
Compliance scans are supported (using PC)


/auth/ibm_websphere/
IBM WebSphere Application Server 7.x, 8.x and 9.x
Compliance scans are supported (using PC)


/auth/tomcat
Windows:
- Apache Tomcat 7.x, 8.x and 9.x
Unix:
- Apache Tomcat 6.x, 7.x, 8.x and 9.x
- VMware vFabric tc Server 2.9.x
- Pivotal tc Server 3.x
Vulnerability and Compliance scans are supported (using
VM, PC)


Parameter Description


action={action}


(Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


echo_request={0|1} 


(Optional) Show (echo) the request’s input parameters 
(names and values) in the XML output. When 
unspecified, parameters are not included in the XML 
output. 


ids={value} 


(Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} 


(Required for create) The title of the Server record. The 
title must be unique and may include a maximum of 255 
characters (ascii). 


comments={value} 


(Optional) User defined notes about the Server record. 
The comments may include a maximum of 1999 
characters (ascii); if comments have 2000 or more 
characters an error is returned and comments are not 
saved. Tags (such as <script>) cannot be included; if tags 
are included an error is returned and the request fails. 


Application Server 


unix_apache_config_file={value}


(Required to create an Apache Web Server record; valid 
only for this record). The path to the Apache 
configuration file. 


unix_apache_control_command={value}


(Required to create an Apache Web Server record; valid
only for this record) The path to the Apache control
command. For IBM HTTP Server, enter the path to the
IBM HTTP Server “bin” directory or the specific location
of “apachectl”. For VMware vFabric Web Server, enter the
path to the VMware vFabric global “bin” directory or the
specific location of “httpdctl” for a web server instance.


windows_apache_config_file={value}


(Required to create Apache HTTP and IBM HTTP server
records; valid only for this record). The Windows path to
the Apache HTTP and IBM HTTP server configuration
file.


windows_apache_control_command={value}


(Required to create Apache HTTP and IBM HTTP server
records; valid only for this record) The Windows path to
the Apache HTTP and IBM HTTP server control
command. For IBM HTTP Server, enter the path to the
IBM HTTP Server “bin” directory or the specific location
of “apachectl”.


unix_installation_dir={value} 


(Required to create an IBM WebSphere App Server 
record; valid only for this record) The directory where the 
WebSphere application is installed. 


unix_dir_mode={value} 


(Optional for IBM WebSphere App Server record; valid 
only for this record) Specify the Unix directory mode. 
Valid values are installation_dir (for installation 
directory) and server_dir (for server directory). When not 
specified, installation_dir is used. 


windows_installation_dir={value}


(Required to create an IBM WebSphere App Server 
record; valid only for this record) The Windows directory 
where the WebSphere application is installed. 


installation_path={value} 


(Required to create Tomcat Server record; valid only for
this record) The directory where the tomcat server is 
installed. 


Examples: 

/opt/apache-tomcat-7.0.57 (e.g. $CATALINA_HOME) 
/opt/vmware/vfabric-tc-server-standard 
/opt/pivotal/pivotal-tc-server-standard 


instance_path={value} 


(Optional to create or update Tomcat Server record; valid 
only for this record) The directory where the tomcat 
server instance(s) are installed. You can specify a single 
tomcat instance (use with auto_discover_instances=0), 
or multiple instances (use with 
auto_discover_instances=1). Leave unspecified when the 
instance directory is the same as the installation 
directory or when your targets have different types of 
tomcat servers. 


Examples: 

/opt/apache-tomcat-7.0.57 (e.g. $CATALINA_BASE) 
/opt/vmware/vfabric-tc-server-standard/tc1 
/opt/pivotal/pivotal-tc-server-standard/tc1 


auto_discover_instances={0|1}


(Optional to create or update Tomcat Server record; valid
only for this record) Specify auto_discover_instances=1
and we'll find all tomcat server instances for you.
Applies to VMware vFabric and Pivotal when you've
specified a directory with multiple instances or you did
not specify an instance.


When unspecified (auto_discover_instances=0), we will
not auto discover instances. Applies to Apache Tomcat or
when you've specified a single instance.


Apache Server only 


status={0|1} 


(Optional to list, create, update Apache records). 


For list request (action set to list) - By default active and 
inactive auth records are listed. Set to 0 to list only 
inactive records or set to 1 to list only active records. 


For create/update request (action set to create or update) 
- By default a new record is set to active (1). Set to 0 for 
inactive record, or 1 for active record. For update action, 
this parameter is valid only when user created records 
are specified in the request. 


is_system_created={0|1} 


(Optional to list Apache records) By default user created 
records and system created auth records are listed. Set to 
0 to list only user created records, or set to 1 to list only 
system created records. 


Target Hosts 


ips={value} 


(Required to create record) Add IP addresses of the hosts 
you want to scan using this record. 


add_ips={value} 


(Optional and valid only to update record) Add IP 
address(es) to the IP list for an existing record. You may 
enter a combination of IPs and IP ranges. Multiple entries 
are comma separated. 


remove_ips={value} 


(Optional and valid only to update record) IPs to be 
removed from your record. You may enter a combination 
of IPs and ranges. Multiple entries are comma separated. 


network_id={value} 


(Optional to create or update record, and valid when the 
networks feature is enabled) The network ID for the 
record. 


Sample - Create Apache record 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d
"action=create&title=Apache+Record&unix_apache_config_file=/opt/IBM/HTTPServer/conf/httpd.conf1&unix_apache_control_command=/opt/IBM/HTTPServer/bin2&ips=10.10.25.25"
"https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"


Sample - Update Apache record 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d
"action=update&ids=1234&unix_apache_config_file=/opt/IBM/HTTPServer/conf/httpd.conf2"
"https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"
DTDs for server records
<platform API server>/api/2.0/batch_return.dtd


<platform API server>/api/2.0/fo/auth/apache/auth_apache_list_output.dtd
<platform API server>/api/2.0/fo/auth/ms_iis/auth_ms_iis_list_output.dtd
<platform API server>/api/2.0/fo/auth/ibm_websphere/auth_ibm_websphere_list_output.dtd
<platform API server>/api/2.0/fo/auth/tomcat/auth_tomcat_list_output.dtd
Azure MS SQL Record
/api/2.0/fo/auth/azure_ms_sql/


[POST]


Create, update, list, and delete Azure MS SQL records for compliance scans (using
PC). Compliance scans are supported (using PC).


Input Parameters 


Parameter Description


action={action}

(Required) Specify create, update, delete (using POST) or
list (using GET or POST).


echo_request={0|1}

(Optional) Set to 1 to view the request’s input parameters
(names and values) in the XML output. By default
parameters are not included.


ids={value}

(Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.


title={value}

(Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii).


comments={value}

(Optional) User defined comments. Maximum of 1999
characters.


Login credentials


provider_name={value}

(Optional) Name of the cloud service provider. The only
value supported is azure. This value will be passed by
default.


login_type={basic|vault}

(Optional) The login type is basic by default. You can
choose vault (for vault based authentication).


username={value}

(Required to create record, optional to update record) The
username to be used for authentication to Azure MS SQL.
The username must contain '@'.


password={value}

(Required to create record, optional to update record) When
login_type=basic, specify the password to be used for
authentication to Azure MS SQL. Maximum 100 characters
(ascii).


instance_name={value}

(Optional to create or update record) The name of the
database instance to be scanned. This is the instance name
assigned to the TCP/IP port. Important: This is not the host
name that is assigned to the Azure MS SQL Server instance
name. The only value supported is MSSQLSERVER. This
value will be passed by default. Currently, we do not
support named instances for this parameter.


database_name={value}

(Optional to create or update record) The database name of
the Azure MS SQL database to be scanned. The database
name may contain a maximum of 128 characters.

These parameters are mutually exclusive: database_name
and auto_discover_databases=1.


auto_discover_databases={0|1}

(Optional to create or update record) The database name of
the Azure MS SQL database to be scanned. The database
name may contain a maximum of 128 characters.

These parameters are mutually exclusive: database_name
and auto_discover_databases=1.


port={value}

(Required to create record, optional to update record) The
port number assigned to the database instance to be
scanned.


Vaults


vault_type={value}

(Required to create record when login_type=vault) The
third party vault to be used to retrieve the password for
login. Certain vaults support this capability. See Vault
Support matrix.


vault_id={value}

(Required only when action=create and login_type=vault)
The ID of the vault you want to use.


{vault parameters}

(Required only when action=create and login_type=vault)
Vault specific parameters required depend on the vault
type you've selected. See Vault Definition.


Target Hosts


ips={value}

(Required to create record) IPs to be added to your Azure
MS SQL record. You may enter a combination of IPs
and IP ranges to identify compliance hosts. Multiple entries
are comma separated.

(Optional to update record) Overwrites (replaces) the IP list
for the authentication record. The IPs you specify are
added and any existing IPs are removed.


add_ips={value}

(Optional and valid only to update record) Add IPs to the
IPs list for this record. Multiple IPs/ranges are comma
separated.


remove_ips={value}

(Optional and valid to update record) IPs to be removed
from your record. You may enter a combination of IPs and
ranges. Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified
in the same request.


network_id={value}

(Optional and valid when the networks feature is enabled)
The network ID for the record.
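Several of the rules in the table above interact (password only for basic login, vault fields only for vault login, database_name versus auto_discover_databases=1), so it helps to check a create request locally before it is sent. The sketch below is an added example, not code from the Qualys guide: it validates the documented constraints and returns the URL-encoded POST body. The function names and the sample values are assumptions.

```python
from urllib.parse import urlencode


def _text(params, name):
    """Return a parameter as a string, treating a missing value as empty."""
    value = params.get(name)
    return "" if value is None else str(value)


def _is_ascii(value):
    return all(ord(ch) < 128 for ch in value)


def validate_create(params):
    """Check an action=create request against the parameter table above.

    Returns a list of rule violations; an empty list means the request
    satisfies the documented constraints.
    """
    errors = []
    for name in ("title", "username", "ips", "port"):
        if not _text(params, name).strip():
            errors.append(f"{name} is required to create a record")
    title = _text(params, "title")
    if len(title) > 255 or not _is_ascii(title):
        errors.append("title: maximum 255 ASCII characters")
    if len(_text(params, "comments")) > 1999:
        errors.append("comments: maximum 1999 characters")
    username = _text(params, "username")
    if username and "@" not in username:
        errors.append("username must contain '@'")

    login_type = _text(params, "login_type") or "basic"   # basic is the default
    password = _text(params, "password")
    if login_type == "basic":
        if not password:
            errors.append("password is required when login_type=basic")
        elif len(password) > 100 or not _is_ascii(password):
            errors.append("password: maximum 100 ASCII characters")
    elif login_type == "vault":
        for name in ("vault_type", "vault_id"):
            if not _text(params, name):
                errors.append(f"{name} is required when login_type=vault")
    else:
        errors.append("login_type must be basic or vault")

    database = _text(params, "database_name")
    if len(database) > 128:
        errors.append("database_name: maximum 128 characters")
    if database and _text(params, "auto_discover_databases") == "1":
        errors.append(
            "database_name and auto_discover_databases=1 are mutually exclusive")
    for name in ("add_ips", "remove_ips"):
        if name in params:
            errors.append(f"{name} is valid only to update a record")
    return errors


def build_create_body(**params):
    """Return the URL-encoded POST body for a create request, or raise ValueError."""
    errors = validate_create(params)
    if errors:
        raise ValueError("; ".join(errors))
    fields = {"action": "create"}
    fields.update({key: str(value) for key, value in params.items()
                   if value is not None})
    return urlencode(fields)


if __name__ == "__main__":
    # Constructed values; the password is a placeholder, not a real credential.
    print(build_create_body(title="my-azuremssql-record",
                            username="john_user@qualys.com",
                            password="constructed-password",
                            ips="1.1.1.4", port=42, database_name="dbname"))
```

Feeding the returned body to curl on standard input (-d @-) keeps the record password out of the process argument list.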
Sample - List Azure MS SQL Records


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d
"action=list&ids=4620763"
"https://qualysapi.qualys.com/api/2.0/fo/auth/azure_ms_sql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_AZURE_MS_SQL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/azure_ms_sql/dtd/auth_list_output.dtd">
<AUTH_AZURE_MS_SQL_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2021-04-23T13:53:08Z</DATETIME>
    <AUTH_AZURE_MS_SQL_LIST>
      <AUTH_AZURE_MS_SQL>
        <ID>4620763</ID>
        <TITLE><![CDATA[AzureMSSQL Auth API]]></TITLE>
        <PROVIDER_NAME><![CDATA[Azure]]></PROVIDER_NAME>
        <USERNAME><![CDATA[john_user@qualys.com]]></USERNAME>
        <INSTANCE><![CDATA[MSSQLSERVER]]></INSTANCE>
        <DATABASE><![CDATA[testdb]]></DATABASE>
        <PORT>42</PORT>
        <IP_SET>
          <IP>1.1.1.4</IP>
        </IP_SET>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <CREATED>
          <DATETIME>2021-04-01T11:47:51Z</DATETIME>
          <BY>up_at</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2021-04-01T11:47:51Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_AZURE_MS_SQL>
    </AUTH_AZURE_MS_SQL_LIST>
  </RESPONSE>
</AUTH_AZURE_MS_SQL_LIST_OUTPUT>
Sample - Create Azure MS SQL Record (with basic login)


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d
"action=create&title=my-azuremssql-record&ips=1.1.1.4&port=42&database_name=dbname"
"https://qualysapi.qualys.com/api/2.0/fo/auth/azure_ms_sql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-04-23T11:47:51Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>4620763</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>




Sample - Update Azure MS SQL Record (with auto_discover_databases=1)


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d
"action=update&auto_discover_databases=1&ids=207024"
"https://qualysapi.qualys.com/api/2.0/fo/auth/azure_ms_sql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-04-26T22:22:41Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>207024</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Delete Azure MS SQL Records


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d
"action=delete&ids=4620768"
"https://qualysapi.qualys.com/api/2.0/fo/auth/azure_ms_sql/"


Response:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-04-26T13:12:51Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID>4620768</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


DTDs for auth type “azure_ms_sql”
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/azure_ms_sql/dtd/auth_list_output.dtd 
Docker Record


/api/2.0/fo/auth/docker/


[POST]


Create, update, list and delete Docker records for compliance scans (using PC). This record
is used to authenticate to a Docker daemon (version 1.9 to 1.12) running on a Linux host.


Input Parameters 


Parameter 


Description 


action={action} 


(Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


echo_request={0|1} 


(Optional) Set to 1 to echo the request’s input parameters 
(names and values) in the XML output. By default 
parameters are not included. 


ids={value} 


(Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} 


(Required to create record) The record title. 


comments={value} 


(Optional) User defined comments. 


Docker 


docker_deamon_conf_file= 
{value} 


(Optional to create or update record) Location of the 
configuration file for the docker daemon. 


docker_command={value} 


(Optional) The docker command to connect to a local 
docker daemon. 


Target Hosts 


ips={value} 


(Required to create record) IPs to be added to your docker
record.


add_ips={value}


(Optional and valid only to update record) IPs to be added
to an existing record. You may enter a combination of IPs
and IP ranges. Multiple entries are comma separated.


remove_ips={value}


(Optional and valid to update record) IPs to be removed
from your record. You may enter a combination of IPs and
ranges. Multiple entries are comma separated.


network_id={1|0} 


(Optional) By default, the parameter is set to 0 




Sample - Create Docker record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl demo" -d
"action=create&title=docker_sample&ips=10.10.30.159&docker_deamon_conf_file=/etc/docker/daemon.json&docker_command=/usr/bin/docker&echo_request=1"
"https://qualysapi.qualys.com/api/2.0/fo/auth/docker/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <REQUEST>
    <DATETIME>2018-03-09T06:09:46Z</DATETIME>
    <USER_LOGIN>username</USER_LOGIN>
    <RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/auth/docker/</RESOURCE>
    <PARAM_LIST>
      <PARAM>
        <KEY>action</KEY>
        <VALUE>create</VALUE>
      </PARAM>
      <PARAM>
        <KEY>title</KEY>
        <VALUE>docker_sample</VALUE>
      </PARAM>
      <PARAM>
        <KEY>ips</KEY>
        <VALUE>10.10.30.159</VALUE>
      </PARAM>
      <PARAM>
        <KEY>docker_deamon_conf_file</KEY>
        <VALUE>/etc/docker/daemon.json</VALUE>
      </PARAM>
      <PARAM>
        <KEY>docker_command</KEY>
        <VALUE>/usr/bin/docker</VALUE>
      </PARAM>
      <PARAM>
        <KEY>echo_request</KEY>
        <VALUE>1</VALUE>
      </PARAM>
    </PARAM_LIST>
  </REQUEST>
  <RESPONSE>
    <DATETIME>2018-03-09T06:09:46Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>72685</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Update Docker Record 
API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl demo" -d
"action=update&ids=72685&add_ips=10.10.26.26"
"https://qualysapi.qualys.com/api/2.0/fo/auth/docker/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-03-09T06:12:57Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>72685</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


DTDs for auth type “docker” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/docker/auth_docker_list_output.dtd 
HTTP Record
/api/2.0/fo/auth/http/ 
[POST] 


Create, update and delete HTTP records for authenticated scans of protected portions of 
web sites and devices, like printers and routers, that require HTTP protocol level 
authentication. Vulnerability scans are supported (using VM). 


How it works - During a vulnerability scan, if we come across a web page that requires 
HTTP authentication then we'll check to see if an HTTP record exists in your account with 
applicable credentials. If yes, we'll use the credentials in the record to perform HTTP 
authentication. (Note this is not Form-based authentication.) 


Input Parameters 


Parameter Description

action={value} (Required) Specify create, update, delete (using POST) or
list (using GET or POST).

echo_request={0|1} (Optional) Set to 1 to echo the request’s input parameters
(names and values) in the XML output. By default
parameters are not included.

comments={value} (Optional for create or update request) User-defined
comments.

ids={value} (Required to update or delete record) One or more HTTP
record IDs.

title={value} (Required for a create request; Optional for an update
request; otherwise invalid) The HTTP record title.

username={value} (Required to create record, optional to update record) The
user name to be used for authentication.

password={value} (Required to create record, optional to update record) The
password to be used for authentication. Maximum 100
characters (ascii).

vhost={value} - or - realm={value} (Required to create record; optional to
update record) Specify the protected device or web page you want to
authenticate against. You can specify a virtual host (an
FQDN such as vhost=bank.qualys.com) or the name of a
realm (realm=My+Homepage).

ssl={0|1} (Optional to create or update record) Specify 1 if you want
to attempt authentication over SSL only. In this case
authentication is attempted only when the form is
submitted via a link that uses https://...
Sample - Create HTTP record, realm

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=create&username=jsmith&password=abc123&title=My+HTTP+Record+1&realm=My+Homepage" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-01-03T07:51:48Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>55111</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Create HTTP record, virtual host 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=create&username=jsmith&password=abc123&title=My+HTTP+Record+2&vhost=bank.us.corpl.com" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-01-03T08:02:44Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>55112</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


DTDs for auth type “http” 


<platform API server>/api/2.0/batch_return.dtd 
<platform API server>/api/2.0/fo/auth/http/auth_http_list_output.dtd 
IBM DB2 Record
/api/2.0/fo/auth/ibm_db2/ 
[POST] 


Create, update, list and delete IBM DB2 records for vulnerability and compliance scans 
(using VM, PC). This record is used for authenticated scanning of one or more DB2 
instances on a single host. Want to scan multiple instances? See "Multiple DB2 Instances" 
in online help. 


Requirement - You must set up target hosts per the Qualys User Guide. 


Download Qualys User Guide - IBM DB2 Authentication (.zip) 


Input Parameters 


Parameter Description

action={action} (Required) Specify create, update, delete (using POST) or
list (using GET or POST).

echo_request={0|1} (Optional) Show (echo) the request's input parameters
(names and values) in the XML output. When unspecified,
parameters are not included in the XML output.

ids={value} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.

vault_id={value} (Required only when action=create and login_type=vault)
The ID of the vault you want to use to retrieve the password for login.

vault_type={value} (Required only when action=create and login_type=vault)
The third party vault to be used to retrieve the password
for login. Certain vaults support this capability. See “Vault
Support Matrix” in the API User Guide.

The following vault types are supported for IBM DB2 at this
time: ARCON PAM, CA Access Control, CyberArk AIM, CyberArk PIM
Suite, HashiCorp, Lieberman ERPM, Quest Vault, Thycotic Secret Server

{vault parameters} (Required only when action=create and login_type=vault)
Vault specific parameters required depend on the vault
type you’ve selected. See “Vault Definition” in the API User
Guide to know which parameters are required for each
vault type.

title={value} (Required to create record) The title for the record. The title
must be unique and may include a maximum of 255
characters (ascii).

comments={value} (Optional) User defined notes about the record. Maximum
of 1999 characters (ascii).

pc_only={0|1} (Optional) Specify pc_only=1 if the record will be used for
compliance scans only. See “Sample - Create IBM DB2
Record with Vault.”

Login Credentials

login_type={basic|vault} (Optional) The login type is basic by default. Specify
login_type=vault to use a third party vault to retrieve the
password for authentication. Vault parameters need to be
provided in the record.

username={value} (Required to create record, optional to update record)
The user name for a DB2 database account. A maximum of
13 characters (ascii) may be specified.

password={value} (Required to create record, optional to update record)
The password for a DB2 database account. Maximum 100
characters (ascii).

database={value} (Required to create record, optional to update record)
The name of the DB2 database. A maximum of 8
characters (ascii) may be specified.

port={value} (Required to create record, optional to update record)
The port the database instance is running on.

Target Hosts

ips={value} (Required to create record, optional to update record)
Add IP addresses of the hosts you want to scan using this
record.

Overwrites (replaces) the IP address(es) in the IP list for an
existing authentication record. The IPs you specify are
added, and any existing IPs are removed. You may enter a
combination of IPs and IP ranges.

add_ips={value} (Optional to update record) Add IP address(es) to the IP list
for an existing authentication record. You may enter a
combination of IPs and IP ranges.

remove_ips={value} (Optional and valid to update record) IPs to be removed
from your record. You may enter a combination of IPs and
ranges. Multiple entries are comma separated.

network_id={value} (Optional and valid when the networks feature is enabled)
The network ID for the record.

OS Parameters

win_db2dir={value}
unix_db2dir={value} The path to the DB2 runtime library if you want the service
to perform OS-dependent compliance checks. This is the
location where DB2 has been installed on the server.
Maximum of 255 characters.

win_prilogfile={value}
unix_prilogfile={value} The path to the primary archive location if you want the
service to perform OS-dependent compliance checks. This
is the directory where the primary log files are located.
Maximum of 255 characters.

win_seclogfile={value}
unix_seclogfile={value} The path to the secondary archive location if you want the
service to perform OS-dependent compliance checks.
Maximum of 255 characters. This parameter specifies the
number of secondary log files that are created and used for
recovery log files (only as needed). It is set by the DB2
logsecond parameter.

win_terlogfile={value}
unix_terlogfile={value} The path to the tertiary archive location if you want the
service to perform OS-dependent compliance checks.
Maximum 255 characters.

This parameter specifies a path to which DB2 will try to
archive log files if the log files cannot be archived to either
the primary or the secondary (if set) archive destinations
because of a media problem affecting those destinations. It
is set by the DB2 failarchpath parameter.

win_mirlogfile={value}
unix_mirlogfile={value} The path to the mirror archive location if you want the
service to perform OS-dependent compliance checks.
Maximum 255 characters.

If mirrorlogpath is configured, DB2 will create active log
files in both the log path and the mirror log path. All log
data will be written to both paths. The mirror log path has
a duplicate set of active log files. If the active log files are
destroyed by a disk error or human error, the database can
still function.


Sample - Create IBM DB2 Record with Vault 
In this sample, we’re creating a new record and specifying a CyberArk AIM vault. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d \
"action=create&title=MyDB2Record&username=joe_user&login_type=vault&vault_id=45014&vault_type=CyberArk AIM&folder=Root\Windows7&file=rd.txt&database=db2&port=1234&ips=10 2115; 12 13" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ibm_db2/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-10-11T11:48:03Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>112491</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Multiple DB2 Instances 


The service has the ability to authenticate to multiple DB2 instances on a single host
during scanning. For a vulnerability scan, an instance “uniqueness” is defined by an IP
address and port. For a compliance scan, an instance “uniqueness” is defined by an IP
address, port and database name. The setting for “pc_only” has an impact on how the
service determines the uniqueness of a DB2 instance.

Let’s say you want to define these DB2 records in your account.

          IP Address    Port  Database Name  pc_only=0|1
Record 1  10.10.31.178  5000  SAMPLE         pc_only=0
Record 2  10.10.30.159  5000  TOOLS          pc_only=0
Record 3  10.10.30.159  5000  SAMPLE         pc_only=1


Record 1 and Record 2 will be used for vulnerability scans and compliance scans. You'll 
notice Records 2 and 3 have the same IP address and port but different database names - 
this is allowed because Record 3 is used for compliance scans only. 
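
The uniqueness rule above can be checked before any record is submitted. The following is an added example, not Qualys code: it assumes that every record is used for compliance scans (keyed by IP, port and database name) and that only pc_only=0 records are used for vulnerability scans (keyed by IP and port). The function names, the record dictionaries and the range cap are hypothetical.

```python
"""Check planned IBM DB2 records against the instance-uniqueness rule."""
from collections import defaultdict
from ipaddress import IPv4Address
from itertools import combinations

# The three records from the table above (values taken from the page).
PAGE_RECORDS = [
    {"title": "Record 1", "ips": "10.10.31.178", "port": 5000,
     "database": "SAMPLE", "pc_only": 0},
    {"title": "Record 2", "ips": "10.10.30.159", "port": 5000,
     "database": "TOOLS", "pc_only": 0},
    {"title": "Record 3", "ips": "10.10.30.159", "port": 5000,
     "database": "SAMPLE", "pc_only": 1},
]

MAX_RANGE = 65536  # hypothetical cap so a typo cannot expand into millions of IPs


def expand_ips(spec):
    """Expand a comma-separated list of IPs and IP ranges (a-b) into a set."""
    addrs = set()
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        first = IPv4Address(lo.strip())
        last = IPv4Address(hi.strip()) if hi else first
        if last < first or int(last) - int(first) >= MAX_RANGE:
            raise ValueError(f"bad IP range: {part!r}")
        addrs.update(str(IPv4Address(n))
                     for n in range(int(first), int(last) + 1))
    return addrs


def find_conflicts(records):
    """Return sorted (scan_type, title_a, title_b, key) tuples for clashes.

    Assumed reading of the rule:
      PC scans use every record, keyed by (ip, port, database).
      VM scans use only pc_only=0 records, keyed by (ip, port).
    """
    vm_seen, pc_seen = defaultdict(list), defaultdict(list)
    for rec in records:
        for ip in sorted(expand_ips(rec["ips"])):
            pc_seen[(ip, rec["port"], rec["database"])].append(rec["title"])
            if not rec.get("pc_only"):
                vm_seen[(ip, rec["port"])].append(rec["title"])
    conflicts = []
    for scan, seen in (("VM", vm_seen), ("PC", pc_seen)):
        for key, titles in seen.items():
            conflicts.extend((scan, a, b, key)
                             for a, b in combinations(titles, 2))
    return sorted(conflicts)


if __name__ == "__main__":
    print(find_conflicts(PAGE_RECORDS) or "no conflicts")
```

Run against the table's three records it reports no conflict; switching Record 3 to pc_only=0 makes it clash with Record 2 on the vulnerability-scan key.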
DB2 Paths
When specifying the path to configuration files, these special characters are not allowed: 


For Windows: 
HM 2!" `()[] aah / 
For Unix: 


s&p >S 


DTDs for auth type “ibm_db2” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/ibm_db2/auth_ibm_db2_list_output.dtd 
InformixDB Record
/api/2.0/fo/auth/informixdb/
[POST]

Create, update, list and delete InformixDB authentication records. Compliance scans are
supported (using PC).


- Unix authentication is required for compliance scans using the PC app. Make sure the IP 
addresses you define in your InformixDB records are also defined in Unix records. 


- We strongly recommend you create one or more dedicated user accounts to be used 
solely by the Qualys Cloud Platform to authenticate to InformixDB instances. 


Input Parameters 


Parameter Description

action={action} (Required) Specify create, update, delete (using POST) or list
(using GET or POST).

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the XML
output. By default these are not included.

ids={value} (Required to update or delete record) Record IDs to update/delete.
Specify record IDs and/or ID ranges (for example, 1359-1407).
Multiple entries are comma separated.

title={value} (Required to create record) A title for the record. The title must be
unique. Maximum 255 characters (ascii).

comments={value} (Optional to create or update record) User defined comments.
Maximum of 1999 characters.

InformixDB

ssl_verify={0|1} (Optional to create or update record, and valid for server that
supports SSL) Specify 1 for a complete SSL certificate validation.
- If ssl_verify=0, the Qualys scanners authenticate with Informix
Servers that don’t use SSL or InformixDB servers that use SSL.
However, in the SSL case, the server SSL certificate verification
will be skipped.
- If unspecified (or ssl_verify=1), the Qualys scanners will only
send a login request after verifying that a connection to the
InformixDB server uses SSL, the server SSL certificate is valid and
matches the scanned host.

hosts={value} (Optional to create or update record) A list of FQDNs for the hosts
that correspond to all host IP addresses on which a custom SSL
certificate signed by a trusted root CA is installed. Multiple hosts
are comma separated.

database_name={value} (Required to create record, optional to update record) The
database name to authenticate to. Specify a valid InformixDB
database name. Maximum 255 characters.

port={value} (Required to create record, optional to update record) The port the
database name is running on. Valid range is 1-65535. The
standard port for InformixDB is 1526.

unix_config_dir={value} (Optional to create or update record) The path to the Unix
informixdb installation directory. Access to this directory is
required to run certain checks on Unix hosts.

unix_on_config_dir={value} (Optional to create or update record) The absolute path to the
Unix file that contains configuration parameters of the database
server.

unix_sql_host_dir={value} (Optional to create or update record) The absolute path to the
Unix file that contains database connectivity information.

Login credentials

login_type={basic} (Optional) The login type is basic by default. We are not
supporting vault based authentication.

username={value} (Required to create record, optional to update record) The
username to be used for authentication to InformixDB server.

password={value} (Required to create record, optional to update record) The
password to be used for authentication to InformixDB server.
Maximum 100 characters (ascii).

Target Hosts

ips={value} (Required to create record) The IP address(es) the server will log
into using the record’s credentials. Multiple entries are comma
separated.

(Optional to update record) IPs specified will overwrite existing IPs
in the record, and existing IPs will be removed.

add_ips={value} (Optional to update record) Add IPs to the IPs list for this record.
Multiple IPs/ranges are comma separated.

remove_ips={value} (Optional to update record) IPs to be removed from your record.
You may enter a combination of IPs and ranges. Multiple entries
are comma separated.

This parameter and the ips parameter cannot be specified in the
same request.

network_id={value} (Optional and valid when the networks feature is enabled) The
network ID for the record.
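
The limits in the table above can be enforced before a create request is sent, and encoding the body with a library keeps a credential that contains `&` or `=` from turning into extra parameters such as ssl_verify=0. The following is an added example, not Qualys code; the function names and the sample values (modelled on the documented parameters, constructed here) are assumptions.

```python
"""Validate and encode an InformixDB create request from the documented limits."""
from urllib.parse import urlencode

REQUIRED = ("title", "username", "password", "database_name", "port", "ips")
MAX_LEN = {"title": 255, "comments": 1999, "database_name": 255, "password": 100}
ASCII_ONLY = ("title", "password")
ABSOLUTE_PATHS = ("unix_on_config_dir", "unix_sql_host_dir")

# Constructed sample values, not taken from a real account.
SAMPLE = {
    "title": "my-informixdb-record",
    "username": "informix-admin",
    "password": "test123",
    "database_name": "dbname",
    "port": 1526,
    "ips": "10.10.10.11",
    "ssl_verify": "1",
    "unix_on_config_dir": "/opt/Informix/etc/onconfig.demo",
    "unix_sql_host_dir": "/opt/Informix/etc/sqlhosts.demo",
}


def check_create(params):
    """Return a list of problems; an empty list means the request is well formed."""
    problems = []
    for name in REQUIRED:
        if not str(params.get(name, "")).strip():
            problems.append(f"{name}: required to create record")
    for name, limit in MAX_LEN.items():
        if len(str(params.get(name, ""))) > limit:
            problems.append(f"{name}: maximum {limit} characters")
    for name in ASCII_ONLY:
        if not str(params.get(name, "")).isascii():
            problems.append(f"{name}: ascii characters only")
    port = str(params.get("port", ""))
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("port: valid range is 1-65535")
    if "ips" in params and "remove_ips" in params:
        problems.append("ips/remove_ips: cannot be specified in the same request")
    if str(params.get("ssl_verify", "1")) not in ("0", "1"):
        problems.append("ssl_verify: must be 0 or 1")
    if params.get("login_type", "basic") != "basic":
        problems.append("login_type: only basic is supported")
    for name in ABSOLUTE_PATHS:
        if name in params and not str(params[name]).startswith("/"):
            problems.append(f"{name}: must be an absolute path")
    return problems


def risk_notes(params):
    """Flag settings that are valid but weaken the scan's authentication."""
    notes = []
    if str(params.get("ssl_verify", "1")) == "0":
        notes.append("ssl_verify=0: server certificate verification is skipped")
    return notes


def encode_create(params):
    """Return the form-encoded POST body, or raise ValueError listing problems."""
    problems = check_create(params)
    if problems:
        raise ValueError("; ".join(problems))
    # action is set last so a caller-supplied value cannot override it.
    return urlencode({**params, "action": "create"})


if __name__ == "__main__":
    print(encode_create(SAMPLE))
    print(risk_notes({**SAMPLE, "ssl_verify": "0"}))
```

The encoded body can be passed to an HTTP client as the POST data, which also keeps the database password out of a shell command line.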


Sample - Create InformixDB record (with basic login and without ssl_verify) 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=create&title=my-informixdb-record&username=informix-admin&password=test123&ips=10.10.10.11&comments=informix-basic-ipv4&unix_config_dir=/opt/informix/&port=1526&ssl_verify=0&unix_on_config_dir=/opt/Informix/etc/onconfig.demo&unix_sql_host_dir=opt/Informix/etc/sqlhosts.demo&database_name=dbname&login_type=basic" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/informixdb/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2019-01-30T15:45:05Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>43025</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Create InformixDB record (with ssl_verify) 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=create&title=my-informixdb-record&username=informix-admin&password=test123&ips=10.10.10.11&comments=informix-basic-ipv4&unix_config_dir=/opt/informix/&port=1526&ssl_verify=1&unix_on_config_dir=/opt/Informix/etc/onconfig.demo&unix_sql_host_dir=opt/Informix/etc/sqlhosts.demo&database_name=dbname&login_type=basic&hosts=mlinformixdb32e.s2012r2.qualys.com,mlinformixdb32e.s2008r2.qualys.com" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/informixdb/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2019-01-30T15:47:01Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>43026</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - List InformixDB record 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=list&details=Basic" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/informixdb/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_INFORMIXDB_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/fo/auth/informixdb/auth_informixdb_list_output.dtd">
<AUTH_INFORMIXDB_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2019-01-30T15:19:02Z</DATETIME>
    <AUTH_INFORMIXDB_LIST>
      <AUTH_INFORMIXDB>
        <ID>40034</ID>
        <TITLE><![CDATA[InformixDB1]]></TITLE>
        <USERNAME><![CDATA[root]]></USERNAME>
        <DATABASE><![CDATA[informixdb]]></DATABASE>
      </AUTH_INFORMIXDB>
    </AUTH_INFORMIXDB_LIST>
  </RESPONSE>
</AUTH_INFORMIXDB_LIST_OUTPUT>


Sample - Update InformixDB record 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=update&ids=41026&title=API-informixdb-basic-login-updated&username=admin-updated-again&password=updated-password&database_name=new-admin&comments=informixdb-basic-login-ipv4-updated&unix_config_dir=/opt/informixdb/updated/again" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/informixdb/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"http://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2019-01-30T16:00:16Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>43025</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Delete InformixDB record 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=delete&ids=43023,43024" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/informixdb/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"http://10.114.69.159:46445/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2019-01-30T15:41:46Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID_RANGE>43023-43024</ID_RANGE>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


DTDs for auth type “informixdb” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/informixdb/auth_informixdb_list_output.dtd 
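
The BATCH_RETURN replies in the samples above carry the affected record IDs either as ID or as ID_RANGE elements, and a caller should confirm that the IDs acknowledged are the ones it asked to change. The following is an added example, not Qualys code; the function names, the range cap and the embedded reply (constructed in the shape of the delete sample) are assumptions. Python's standard-library parser does not retrieve the DTD named in the DOCTYPE.

```python
"""Parse a BATCH_RETURN reply into (message, [record ids]) pairs."""
import xml.etree.ElementTree as ET

# Constructed reply in the shape of the delete sample above.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2019-01-30T15:41:46Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID_RANGE>43023-43024</ID_RANGE>
          <ID>43030</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>
"""

MAX_RANGE = 10000  # hypothetical cap: refuse to expand an absurd ID range


def parse_batch_return(xml_bytes):
    """Return [(text, [ids])] for every BATCH element in the reply."""
    # The replies only name an external DTD; entity declarations are not
    # expected, so a document that carries one is rejected outright.
    if b"<!ENTITY" in xml_bytes:
        raise ValueError("entity declaration in BATCH_RETURN reply")
    root = ET.fromstring(xml_bytes)
    if root.tag != "BATCH_RETURN":
        raise ValueError(f"unexpected root element: {root.tag}")
    batches = []
    for batch in root.iterfind("./RESPONSE/BATCH_LIST/BATCH"):
        text = (batch.findtext("TEXT") or "").strip()
        ids = []
        for node in batch.iterfind("./ID_SET/*"):
            value = (node.text or "").strip()
            if node.tag == "ID":
                ids.append(int(value))
            elif node.tag == "ID_RANGE":
                lo, hi = (int(x) for x in value.split("-", 1))
                if hi < lo or hi - lo >= MAX_RANGE:
                    raise ValueError(f"bad ID range: {value!r}")
                ids.extend(range(lo, hi + 1))
        batches.append((text, ids))
    return batches


def unacknowledged(xml_bytes, requested_ids):
    """Return the requested ids that the reply does not mention."""
    seen = {i for _, ids in parse_batch_return(xml_bytes) for i in ids}
    return sorted(set(requested_ids) - seen)


if __name__ == "__main__":
    print(parse_batch_return(SAMPLE))
    print(unacknowledged(SAMPLE, [43023, 43024, 43025]))
```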
Create, update, list and delete JBoss Server records for vulnerability and compliance scans
(using VM, PC). Supports Windows and Unix platforms. 


Supported technologies: 


Windows - WildFly/JBoss EAP 


Unix - WildFly/JBoss EAP 


Input Parameters 


Parameter Description

action={action} (Required) Specify create, update, delete (using POST) or list
(using GET or POST).

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the XML
output. By default these are not included.

ids={value} (Required) Specify a single or comma separated valid JBoss type
auth record ID(s).

title={value} (Required to create record) A title for the record. The title must be
unique.

comment={value} (Optional to create or update record) User defined comments.

Windows platform

windows_working_mode={value} (Optional) Input values should be standalone_mode or
domain_controller_mode.

windows_home_path={value} Required if windows working mode is selected.

windows_base_path={value} Required if windows working mode is selected.

windows_conf_dir_path={value} Required if windows working mode is selected.

windows_conf_file_path={value} Required if windows working mode is selected.

windows_conf_host_file_path={value} Required if selected Windows working mode is
domain controller.

Unix platform

unix_working_mode={value} (Optional) Input values should be standalone_mode or
domain_controller_mode.

unix_home_path={value} Required if Unix working mode is selected.

unix_base_path={value} Required if Unix working mode is selected.

unix_conf_dir_path={value} Required if Unix working mode is selected.

unix_conf_file_path={value} Required if Unix working mode is selected.

unix_conf_host_file_path={value} Required if selected Unix working mode is domain
controller.

Target Hosts

ips={value} (Required to create record) The IP address(es) the server will log
into using the record’s credentials. Multiple entries are comma
separated.

(Optional to update record) IPs specified will overwrite existing IPs
in the record, and existing IPs will be removed.

add_ips={value} (Optional and valid only to update record) IPs to be added to an
existing record. You may enter a combination of IPs and IP ranges.
Multiple entries are comma separated.

remove_ips={value} (Optional and valid to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges. Multiple
entries are comma separated.

network_id={value} (Optional to create or update record, and valid when the networks
feature is enabled) The network ID for the record.


Sample - Create JBoss Server record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d \
"action=create&title=jbos_rec&windows_working_mode=standalone_mode&windows_base_path=c:\&windows_home_path=c:\&windows_conf_file_path=c:\&windows_conf_dir_path=c:\&comment=record creation&ips=10.10.10.224" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/jboss/"

XML output:

<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-08-03T10:42:32Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>296004</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - List JBoss Server record 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d \
"action=list&ids=296004" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/jboss/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_JBOSS_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/jboss/auth_jboss_list_output.dtd">
<AUTH_JBOSS_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-08-03T10:44:39Z</DATETIME>
    <AUTH_JBOSS_LIST>
      <AUTH_JBOSS>
        <ID>296004</ID>
        <TITLE><![CDATA[jboss_record]]></TITLE>
        <IP_SET>
          <IP>10.10.10.224</IP>
        </IP_SET>
        <WINDOWS>
          <HOME_PATH><![CDATA[c:\]]></HOME_PATH>
          <DOMAIN_MODE><![CDATA[true]]></DOMAIN_MODE>
          <BASE_PATH><![CDATA[c:\]]></BASE_PATH>
          <CONF_DIR_PATH><![CDATA[c:\]]></CONF_DIR_PATH>
          <CONF_FILE_PATH><![CDATA[c:\]]></CONF_FILE_PATH>
          <CONF_HOST_FILE_PATH><![CDATA[c:\]]></CONF_HOST_FILE_PATH>
        </WINDOWS>
        <NETWORK_ID>0</NETWORK_ID>
        <CREATED>
          <DATETIME>2018-08-03T10:42:32Z</DATETIME>
          <BY>abc_pk</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2018-08-03T10:43:58Z</DATETIME>
        </LAST_MODIFIED>
        <COMMENTS><![CDATA[record creation]]></COMMENTS>
      </AUTH_JBOSS>
    </AUTH_JBOSS_LIST>
  </RESPONSE>
</AUTH_JBOSS_LIST_OUTPUT>


Sample record configurations 


We have sample JBoss record configurations in our online help. Log in to your Qualys 
account and select Help > Online Help and search for JBoss. 


DTDs for auth type “jboss” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/jboss/auth_jboss_list_output.dtd 
Kubernetes Record
/api/2.0/fo/auth/kubernetes/
[POST]

Create, update, list and delete Kubernetes records for compliance scans (using PC). This
record is used to authenticate to a Kubernetes application (version 1.x) running on a Unix
host.


Input Parameters 


Parameter Description

action={action} (Required) Specify create, update, delete (using POST) or
list (using GET or POST).

echo_request={0|1} (Optional) Set to 1 to echo the request’s input parameters
(names and values) in the XML output. By default
parameters are not included.

details={Basic} (Optional) Default value is Basic. You can choose from
None, Basic, and All.

ids={value} (Required to list, update or delete record and optional to
create record) Kubernetes authentication record IDs.
Specify record IDs and/or ID ranges (for example, 1359-1407).
Multiple entries are comma-separated.

title={value} (Required to create record) The title of the record. The title
must be unique and may include a maximum of 255
characters (ascii).

comments={value} (Optional) User-defined notes about the record. Maximum
of 1999 characters (ascii).

Kubernetes

unix_bin_path={value} (Optional) Absolute path of the 'kubectl' command.

unix_conf_path={value} (Optional) Absolute path of the Kubernetes configuration
file.

Target Hosts

ips={value} (Required to create record) The IP addresses for the
Kubernetes targets you want to authenticate to. Multiple
entries are comma-separated.

This parameter and the add_ips parameter or the
remove_ips parameter cannot be specified in the same
request.

add_ips={value} (Optional and valid only to update record) IPs to be added
to an existing record. You may enter a combination of IPs
and IP ranges. Multiple entries are comma separated.

remove_ips={value} (Optional and valid to update record) IPs to be removed
from your record. You may enter a combination of IPs and
ranges. Multiple entries are comma separated.

network_id={value} (Optional, and valid when the Networks feature is enabled)
The network ID for the record. By default, the parameter is
set to 0.


Sample - Create Kubernetes record 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=create&title=kubernetes auth record&unix_bin_path=/usr/bin/kubectl&unix_conf_path=/root/kube/config&ips=10.10.10.10&comments=kube auth record" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/kubernetes/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-08-30T11:30:58Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>94170</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Update Kubernetes Record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=update&ids=10001&title=kubernetes auth record&unix_bin_path=/usr/bin/kubectl&unix_conf_path=/root/kube/config" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/kubernetes/"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-08-30T12:30:58Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>94170</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


DTDs for auth type “kubernetes” 
<platform API server>/api/2.0/fo/auth/auth_records.dtd 


<platform API server>/api/2.0/fo/auth/kubernetes/auth_kubernetes_list_output.dtd 
MariaDB Record
/api/2.0/fo/auth/mariadb/ 
[POST] 


Create, update, list and delete MariaDB authentication records. Compliance scans are 
supported (using PC). 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) or 
ist (using GET or POST). 


echo_request={0|1} Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 


ids={value} Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} Required to create record) A title for the record. The title 
must be unique. Maximum 255 characters (ascii). 


comments={value} (Optional to create or update record) User defined 
comments. Maximum of 1999 characters. 


ssl_verify={0|1} (Optional to create or update record, and valid for server 
that supports SSL) Specify 1 for a complete SSL certificate 
validation. 


- If unspecified (or ss]_verify=0), Qualys scanners 
authenticate with MySQL Servers that don’t use SSL or 
MariaDB servers that use SSL. However, in the SSL case, the 
server SSL certificate verification will be skipped. 


- If ssl_verify=1, the Qualys scanners will only send a login 
request after verifying that a connection the MariaDB 
server uses SSL, the server SSL certificate is valid and 
matches the scanned host. 


hosts={value} (Optional to create or update record) A list of FQDNs for the 
hosts that correspond to all host IP addresses on which a 
custom SSL certificate signed by a trusted root CA is 
installed. Multiple hosts are comma separated. 


database={value} (Required to create record, optional to update record) The 
database name to authenticate to. Specify a valid MariaDB 
database name. 


port={value} (Required to create record, optional to update record) The 
port the database name is running on. The default is 3306. 
windows_config_file={value} (Optional to create or update record) The path to the
Windows mariadb config file. Access to this config file is
required to run certain checks on Windows hosts.

Note: You must include one or both of these parameters in
a create request: windows_config_file and unix_config_file.


unix_config_file={value} (Optional to create or update record) The path to the Unix
mariadb config file. Access to this config file is required to
run certain checks on Unix hosts.

Note: You must include one or both of these parameters in
a create request: windows_config_file and unix_config_file.


client_cert={value} (Optional to create or update record) PEM-encoded X.509
certificate. Specify if certificate authentication is required
by your server to establish an SSL connection.


client_key={value} (Optional to create or update record) PEM-encoded RSA
private key. Specify if certificate authentication is required
by your server to establish an SSL connection.


Login credentials


login_type={basic|vault} (Optional) The login type is basic by default. You can
choose vault (for vault based authentication).


username={value} (Required to create record, optional to update record) The
username to be used for authentication to MariaDB server.


password={value} (Required to create record, optional to update record) The
password to be used for authentication to MariaDB server.


Vault


vault_type={value} (Required to create record when login_type=vault)
The vault type to be used for authentication. See Vault
Support matrix.


vault_id={value} (Required to create record when login_type=vault and you
want to retrieve private key from vault) The vault ID where
you want to retrieve the private key from. Certain vaults
support this capability.


{vault parameters} (Required to create record when login_type=vault)
Vault specific parameters required depend on the vault
type you've selected. See Vault Definition.


Target Hosts


ips={value} (Required to create record) The IP address(es) the server
will log into using the record’s credentials. Multiple entries
are comma separated.

(Optional to update record) IPs specified will overwrite
existing IPs in the record, and existing IPs will be removed.


add_ips={value} (Optional to update record) Add IPs to the IPs list for this
record. Multiple IPs/ranges are comma separated.


remove_ips={value} (Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified
in the same request.


network_id={value} (Optional and valid when the networks feature is enabled)
The network ID for the record.


Sample - Create MariaDB record (with basic login) 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=create&title=MariaDB Auth1&username=root&password=abc123&ips=10.10.31.86&echo_request=0&unix_config_file=/etc/my.cnf&port=22&database=mariadb" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mariadb/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-07-17T21:56:47Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>284866</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - List MariaDB records 


Use the new MariaDB Authentication Record List API 
(/api/2.0/fo/auth/mariadb/?action=list) to list MariaDB records. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=list" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mariadb/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MARIADB_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/mariadb/auth_mariadb_list_output.dtd">
<AUTH_MARIADB_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-07-17T21:57:32Z</DATETIME>
    <AUTH_MARIADB_LIST>
      <AUTH_MARIADB>
        <ID>284866</ID>
        <TITLE><![CDATA[MariaDB Auth1]]></TITLE>
        <USERNAME><![CDATA[root]]></USERNAME>
        <DATABASE><![CDATA[mariadb]]></DATABASE>
        <PORT>22</PORT>
        <IP_SET>
          <IP>10.10.31.86</IP>
        </IP_SET>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <SSL_VERIFY>false</SSL_VERIFY>
        <WINDOWS_CONF_FILE><![CDATA[]]></WINDOWS_CONF_FILE>
        <UNIX_CONF_FILE><![CDATA[/etc/my.cnf]]></UNIX_CONF_FILE>
        <NETWORK_ID>0</NETWORK_ID>
        <CREATED>
          <DATETIME>2018-07-17T21:56:47Z</DATETIME>
          <BY>seenu_yn</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2018-07-17T21:56:47Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_MARIADB>
    </AUTH_MARIADB_LIST>
  </RESPONSE>
</AUTH_MARIADB_LIST_OUTPUT>

DTDs for auth type “mariadb” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/mariadb/auth_mariadb_list_output.dtd 
Microsoft SharePoint Record


/api/2.0/fo/auth/microsoft_sharepoint/


[POST]


List, create, update, and delete Microsoft SharePoint records for authenticated scans of
Microsoft SharePoint instances running on Windows and Database. Microsoft SharePoint
versions 2010, 2013, 2016, and 2019 are supported.


Input Parameters 


Parameter Description


action={action} (Required) Specify create, update, delete (using POST) or list
(using GET or POST).


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.


ids={value} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma separated.


title={value} (Required to create record) A title for the record. The title must
be unique. Maximum 255 characters (ascii).


comments={value} (Optional to create or update record) User defined comments.
Maximum of 1999 characters.


Microsoft SharePoint


db_local={0|1} (Optional to create or update record) Set to 1 when login
credentials are for a MS SQL Server database account. Set to 0
when login credentials are for a Microsoft Windows operating
system account that is associated with a MS SQL Server
database account. When db_local is not specified during a
create request, the flag is set to 1.


windows_domain={value} (Required when db_local=0, otherwise invalid) The domain
name where the login credentials are stored when the login
credentials are for a Microsoft Windows operating system
account that is associated with a MS SQL Server database
account. The domain name may include 1-256 characters
(ascii).

For an update request when the credentials for the record are
for a Microsoft Windows account (db_local=0) and you want to
change the record to use credentials for a MS SQL Server
account (db_local=1), then you must set windows_domain=""
(the empty string) to clear the current parameter setting.


kerberos={0|1} (Optional to create or update record) When not specified,
Kerberos is enabled allowing the scanning engine to try
Kerberos when negotiating authentication to target hosts.
Specify kerberos=0 if you do not want Kerberos attempted.
ntlmv2={0|1} (Optional to create or update record) When not specified,
NTLMv2 is enabled allowing the scanning engine to try
NTLMv2 when negotiating authentication to target hosts.
Specify ntlmv2=0 if you do not want NTLMv2 attempted.


ntlmv1={0|1} (Optional to create or update record) When not specified,
NTLMv1 will not be attempted. Specify ntlmv1=1 to try
NTLMv1 when negotiating authentication to target hosts.


Login credentials


username={value} (Required for create request) The username of the account to
be used for authentication. If password is specified this is the
username of a MS SQL Server database user account used for
SharePoint. If login_type=vault is specified, this is the
username of a vault account. Maximum 255 characters (ascii).


password={value} (For create request, password or login_type=vault is required)
The password of the MS SQL Server database user account to
be used for authentication. Maximum 100 characters (ascii).


login_type={value} (For create request, password or login_type=vault is required)
Login type can be basic (default) or vault. Set to vault if a third
party vault will be used to retrieve the password. Vault
parameters need to be provided in the record. See Vault
Definition.


vault_id={value} (Required if login_type=vault) The ID of the vault to be used to
retrieve the password for login.


vault_type={value} (Required if login_type=vault) The third party vault to be used
to retrieve the password for login. Certain vaults support this
capability. See Vault Support matrix.


secret_name={value} (Required if vault type is Thycotic Secret Server) Specify the
secret name that contains the password to be used for
authentication. The scanning engine will perform a search for
the secret name and then get the password from the secret
returned by the search. A single exact match of the secret
name must be found in order for authentication to be
successful. The secret name may contain a maximum of 256
characters, and must not contain multibyte characters.


system_name={value} (Optional if vault type is BeyondTrust PBPS or Quest Vault) The
managed system name (also known as asset name). When not
specified, we'll attempt to auto-discover the system name at
scan time.


account_name={value} (Optional if vault type is BeyondTrust PBPS) The account name.
When not specified, we’ll try the username specified in the
authentication record.


folder={value} (Required if vault type is CyberArk AIM and Cyber-ARK PIM
Suite) Specify the name of the folder in the secure digital safe
where the password to be used for authentication should be
stored. The folder name can contain a maximum of 169
characters. Entering a trailing /, as in folder/, is optional (when
specified, the service removes the trailing / and does not save it
in the folder name). The maximum length of a folder name
with a file name is 170 characters (the leading and/or trailing
space in the input value will be removed).

These special characters cannot be included in a folder name:
/ : * ? " < > | <tab>


file={value} (Required if vault type is CyberArk AIM and Cyber-ARK PIM
Suite) Specify the name of the file in the secure digital safe
where the password to be used for authentication should be
stored. The file name can contain a maximum of 165
characters. The maximum length of a folder name plus a file
name is 170 characters (the leading and/or trailing space in the
input value will be removed).

These special characters cannot be included in a file name:
\ / : * ? " < > | <tab>


Target Hosts


ips={value} (Required to create record) The IP address(es) for the Microsoft
SharePoint targets you want to authenticate to. Multiple
entries are comma separated.

(Optional to update record) IPs specified will overwrite existing
IPs in the record, and existing IPs will be removed.

This parameter and the add_ips parameter or the remove_ips
parameter cannot be specified in the same request.


add_ips={value} (Optional to update record) Add IPs and/or ranges to the IPs list
for this record. Multiple IPs/ranges are comma separated.

This parameter and the ips parameter cannot be specified in
the same request.


remove_ips={value} (Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified in
the same request.


network_id={value} (Optional to create or update record, and valid only when the
networks feature is enabled) The network ID for the record.
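

The dependencies between these parameters (db_local and windows_domain, login_type and the vault fields, ips versus add_ips/remove_ips) can be checked before a request is sent. The following is an added example, not part of the Qualys guide: the function names are hypothetical, and the rules are only the ones stated in the parameter table above.

```python
import ipaddress

FLAGS = ("db_local", "kerberos", "ntlmv2", "ntlmv1", "echo_request")
# Maximum lengths (ASCII) quoted in the parameter table above.
ASCII_LIMITS = {"title": 255, "username": 255, "password": 100,
                "windows_domain": 256, "secret_name": 256}


def valid_ip_entry(entry):
    """Accept a single IP address or a 'low-high' range."""
    try:
        parts = [ipaddress.ip_address(p.strip()) for p in entry.split("-")]
    except ValueError:
        return False
    if len(parts) == 1:
        return True
    return (len(parts) == 2 and parts[0].version == parts[1].version
            and parts[0] <= parts[1])


def check_sharepoint_request(params):
    """Return the rule violations found in a create or update request."""
    action = params.get("action")
    if action not in ("create", "update"):
        return ["this check only covers action=create and action=update"]
    creating = action == "create"
    errors = []

    if creating:
        for name in ("title", "ips", "username"):
            if not params.get(name):
                errors.append(name + " is required to create a record")
    elif not params.get("ids"):
        errors.append("ids is required to update a record")

    for name in FLAGS:
        if name in params and params[name] not in ("0", "1"):
            errors.append(name + " must be 0 or 1")
    for name, limit in ASCII_LIMITS.items():
        value = params.get(name, "")
        if value and (len(value) > limit or not value.isascii()):
            errors.append(f"{name} exceeds {limit} ASCII characters")
    if len(params.get("comments", "")) > 1999:
        errors.append("comments exceeds 1999 characters")

    # db_local defaults to 1 on create; windows_domain belongs to db_local=0.
    # An empty windows_domain on update is the documented way to clear it.
    db_local = params.get("db_local", "1" if creating else None)
    domain = params.get("windows_domain")
    if db_local == "0" and creating and not domain:
        errors.append("windows_domain is required when db_local=0")
    if db_local == "1" and domain:
        errors.append("windows_domain is invalid when db_local=1")

    # Credentials: a password in the record, or a vault reference.
    login_type = params.get("login_type", "basic")
    if login_type not in ("basic", "vault"):
        errors.append("login_type must be basic or vault")
    if login_type == "vault":
        for name in ("vault_type", "vault_id"):
            if not params.get(name):
                errors.append(name + " is required when login_type=vault")
    elif creating and not params.get("password"):
        errors.append("password or login_type=vault is required")

    # ips replaces the whole list, so it cannot be combined with add/remove.
    if "ips" in params and ("add_ips" in params or "remove_ips" in params):
        errors.append("ips cannot be combined with add_ips or remove_ips")
    for name in ("ips", "add_ips", "remove_ips"):
        for entry in filter(None, params.get(name, "").split(",")):
            if not valid_ip_entry(entry):
                errors.append(f"{name} has an invalid entry: {entry}")
    return errors


if __name__ == "__main__":
    # Constructed request: Windows domain supplied while db_local defaults to 1.
    print(check_sharepoint_request({
        "action": "create", "title": "SharePoint", "ips": "10.10.10.13",
        "username": "username", "password": "password",
        "windows_domain": "sample.qualys.com"}))
```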
API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=list" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_RECORDS_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/auth_records.dtd">
<AUTH_RECORDS_OUTPUT>
  <RESPONSE>
    <DATETIME>2020-02-14T06:40:29Z</DATETIME>
    <AUTH_RECORDS>
      <AUTH_UNIX_IDS>
        <ID_SET>
          <ID>63215</ID>
          <ID>63239</ID>
          <ID>65170</ID>
          <ID>65172</ID>
          <ID>66185</ID>
        </ID_SET>
      </AUTH_UNIX_IDS>
      <AUTH_VMWARE_IDS>
        <ID_SET>
          <ID>63213</ID>
          <ID>63235</ID>
          <ID>63237</ID>
          <ID>63241</ID>
        </ID_SET>
      </AUTH_VMWARE_IDS>
      <AUTH_POSTGRESQL_IDS>
        <ID_SET>
          <ID>66387</ID>
          <ID>66389</ID>
          <ID>69602</ID>
          <ID>72224</ID>
        </ID_SET>
      </AUTH_POSTGRESQL_IDS>
      <AUTH_ORACLE_HTTP_SERVER_IDS>
        <ID_SET>
          <ID>66388</ID>
        </ID_SET>
      </AUTH_ORACLE_HTTP_SERVER_IDS>
      <AUTH_MICROSOFT_SHAREPOINT_IDS>
        <ID_SET>
          <ID>72222</ID>
        </ID_SET>
      </AUTH_MICROSOFT_SHAREPOINT_IDS>
    </AUTH_RECORDS>
  </RESPONSE>
</AUTH_RECORDS_OUTPUT>


Sample - List Microsoft SharePoint Records with Basic Details 


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: Curl' -d \
"action=list&details=Basic" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MICROSOFT_SHAREPOINT_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/auth_microsoft_sharepoint_list_output.dtd">
<AUTH_MICROSOFT_SHAREPOINT_LIST>
  <AUTH_MICROSOFT_SHAREPOINT>
    <ID>2372474</ID>
    <TITLE><![CDATA[SharePoint WindowsAuth]]></TITLE>
    <USERNAME><![CDATA[username]]></USERNAME>
    <IP_SET>
      <IP>10.10.10.13</IP>
    </IP_SET>
    <MSSQL>
      <DB_LOCAL><![CDATA[0]]></DB_LOCAL>
      <WINDOWS_DOMAIN><![CDATA[sample.qualys.com]]></WINDOWS_DOMAIN>
      <KERBEROS><![CDATA[1]]></KERBEROS>
      <NTLMV2><![CDATA[1]]></NTLMV2>
    </MSSQL>
    <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
    <CREATED>
      <DATETIME>2020-03-10T18:47:26Z</DATETIME>
      <BY>joe_user</BY>
    </CREATED>
    <LAST_MODIFIED>
      <DATETIME>2020-03-10T18:47:26Z</DATETIME>
    </LAST_MODIFIED>
  </AUTH_MICROSOFT_SHAREPOINT>
  <AUTH_MICROSOFT_SHAREPOINT>
    <ID>2372483</ID>
    <TITLE><![CDATA[SharePoint DatabaseAuth]]></TITLE>
    <USERNAME><![CDATA[username]]></USERNAME>
    <IP_SET>
      <IP_RANGE>10.10.10.19-10.10.10.20</IP_RANGE>
    </IP_SET>
    <MSSQL>
      <DB_LOCAL><![CDATA[1]]></DB_LOCAL>
      <KERBEROS><![CDATA[1]]></KERBEROS>
      <NTLMV2><![CDATA[1]]></NTLMV2>
      <NTLMV1><![CDATA[1]]></NTLMV1>
    </MSSQL>
    <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
    <CREATED>
      <DATETIME>2020-03-10T20:53:37Z</DATETIME>
      <BY>joe_user</BY>
    </CREATED>
    <LAST_MODIFIED>
      <DATETIME>2020-03-10T20:53:37Z</DATETIME>
    </LAST_MODIFIED>
  </AUTH_MICROSOFT_SHAREPOINT>


Sample - List Microsoft SharePoint Records with All Details 


API request:

curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: Curl' -d \
"action=list&details=All" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MICROSOFT_SHAREPOINT_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/auth_microsoft_sharepoint_list_output.dtd">
<AUTH_MICROSOFT_SHAREPOINT_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2020-03-11T22:56:20Z</DATETIME>
    <AUTH_MICROSOFT_SHAREPOINT_LIST>
      <AUTH_MICROSOFT_SHAREPOINT>
        <ID>2372474</ID>
        <TITLE><![CDATA[SharePoint WindowsAuth]]></TITLE>
        <USERNAME><![CDATA[username]]></USERNAME>
        <IP_SET>
          <IP>10.10.10.13</IP>
        </IP_SET>
        <MSSQL>
          <DB_LOCAL><![CDATA[0]]></DB_LOCAL>
          <WINDOWS_DOMAIN><![CDATA[sample.qualys.com]]></WINDOWS_DOMAIN>
          <KERBEROS><![CDATA[1]]></KERBEROS>
          <NTLMV2><![CDATA[1]]></NTLMV2>
        </MSSQL>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <CREATED>
          <DATETIME>2020-03-10T18:47:26Z</DATETIME>
          <BY>joe_user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2020-03-10T18:47:26Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_MICROSOFT_SHAREPOINT>
      <AUTH_MICROSOFT_SHAREPOINT>
        <ID>2372483</ID>
        <TITLE><![CDATA[SharePoint DatabaseAuth]]></TITLE>
        <USERNAME><![CDATA[username]]></USERNAME>
        <IP_SET>
          <IP_RANGE>10.10.10.19-10.10.10.20</IP_RANGE>
        </IP_SET>
        <MSSQL>
          <DB_LOCAL><![CDATA[1]]></DB_LOCAL>
          <KERBEROS><![CDATA[1]]></KERBEROS>
          <NTLMV2><![CDATA[1]]></NTLMV2>
          <NTLMV1><![CDATA[1]]></NTLMV1>
        </MSSQL>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <CREATED>
          <DATETIME>2020-03-10T20:53:37Z</DATETIME>
          <BY>joe_user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2020-03-10T20:53:37Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_MICROSOFT_SHAREPOINT>
      <AUTH_MICROSOFT_SHAREPOINT>
        <ID>2372484</ID>
        <TITLE><![CDATA[SharePoint123]]></TITLE>
        <USERNAME><![CDATA[userupdate]]></USERNAME>
        <IP_SET>
          <IP_RANGE>10.10.10.25-10.10.10.26</IP_RANGE>
        </IP_SET>
        <MSSQL>
          <DB_LOCAL><![CDATA[0]]></DB_LOCAL>
          <WINDOWS_DOMAIN><![CDATA[sample2.qualys.com]]></WINDOWS_DOMAIN>
          <KERBEROS><![CDATA[1]]></KERBEROS>
          <NTLMV1><![CDATA[1]]></NTLMV1>
        </MSSQL>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <CREATED>
          <DATETIME>2020-03-10T20:55:50Z</DATETIME>
          <BY>joe_user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2020-03-11T16:19:19Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_MICROSOFT_SHAREPOINT>
    </AUTH_MICROSOFT_SHAREPOINT_LIST>
    <GLOSSARY>
      <USER_LIST>
        <USER>
          <USER_LOGIN>joe_user</USER_LOGIN>
          <FIRST_NAME>Joe</FIRST_NAME>
          <LAST_NAME>User</LAST_NAME>
        </USER>
      </USER_LIST>
    </GLOSSARY>
  </RESPONSE>
</AUTH_MICROSOFT_SHAREPOINT_LIST_OUTPUT>


Sample - Create Microsoft SharePoint Record 
API request with Microsoft Windows login (db_local=0):


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: Curl' -d \
"action=create&title=SharePoint&ips=10.10.10.13&username=username&password=password&db_local=0&windows_domain=sample.qualys.com" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/"


API request with MS SQL Server database login (db_local=1):


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: Curl' -d \
"action=create&title=SharePoint_withDatabase&ips=10.10.10.14&username=username&password=password&db_local=1" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-02-13T07:31:33Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>72223</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

Sample - Update Microsoft SharePoint Record 
API request to update basic information:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: Curl' -d \
"action=update&ids=10002&title=SharePoint2&username=newuser&password=newpassword&comments=auth-updated" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/"


API request to update vault login and change to different vault:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: Curl' -d \
"action=update&ids=10003&login_type=vault&vault_type=Thycotic+Secret+Server&vault_id=123&secret_name=secret-name" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-02-13T07:39:09Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>72223</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Delete Microsoft SharePoint Records 


API request for deleting single record:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: Curl' -d \
"action=delete&ids=10000" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/"


API request for deleting multiple records:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: Curl' -d \
"action=delete&ids=10000,10001" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-02-13T07:40:06Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID>72223</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


DTDs for auth type “microsoft_sharepoint”


<platform API server>/api/2.0/auth_records.dtd


<platform API server>/api/2.0/fo/auth/microsoft_sharepoint/auth_microsoft_sharepoint_list_output.dtd
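

The list outputs shown for MariaDB and Microsoft SharePoint expose the settings a reviewer cares about: NTLMV1 (off unless ntlmv1=1 was set), SSL_VERIFY and LOGIN_TYPE. The following is an added example, not part of the Qualys guide, that reads a saved list response and reports records with those settings; the function name is hypothetical and both XML samples are constructed, using only element names that appear in the sample outputs above.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the SharePoint list output.
SHAREPOINT_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MICROSOFT_SHAREPOINT_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/microsoft_sharepoint/auth_microsoft_sharepoint_list_output.dtd">
<AUTH_MICROSOFT_SHAREPOINT_LIST_OUTPUT>
  <RESPONSE>
    <AUTH_MICROSOFT_SHAREPOINT_LIST>
      <AUTH_MICROSOFT_SHAREPOINT>
        <ID>1001</ID>
        <TITLE><![CDATA[Constructed record A]]></TITLE>
        <MSSQL>
          <DB_LOCAL><![CDATA[0]]></DB_LOCAL>
          <KERBEROS><![CDATA[1]]></KERBEROS>
          <NTLMV2><![CDATA[1]]></NTLMV2>
        </MSSQL>
        <LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE>
      </AUTH_MICROSOFT_SHAREPOINT>
      <AUTH_MICROSOFT_SHAREPOINT>
        <ID>1002</ID>
        <TITLE><![CDATA[Constructed record B]]></TITLE>
        <MSSQL>
          <DB_LOCAL><![CDATA[1]]></DB_LOCAL>
          <KERBEROS><![CDATA[1]]></KERBEROS>
          <NTLMV1><![CDATA[1]]></NTLMV1>
        </MSSQL>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
      </AUTH_MICROSOFT_SHAREPOINT>
    </AUTH_MICROSOFT_SHAREPOINT_LIST>
  </RESPONSE>
</AUTH_MICROSOFT_SHAREPOINT_LIST_OUTPUT>
"""

# Constructed sample in the shape of the MariaDB list output.
MARIADB_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<AUTH_MARIADB_LIST_OUTPUT>
  <RESPONSE>
    <AUTH_MARIADB_LIST>
      <AUTH_MARIADB>
        <ID>2001</ID>
        <TITLE><![CDATA[Constructed record C]]></TITLE>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <SSL_VERIFY>false</SSL_VERIFY>
      </AUTH_MARIADB>
    </AUTH_MARIADB_LIST>
  </RESPONSE>
</AUTH_MARIADB_LIST_OUTPUT>
"""

# (element, value that is reported, message)
CHECKS = (
    ("NTLMV1", "1", "NTLMv1 is attempted during authentication"),
    ("SSL_VERIFY", "false", "server SSL certificate is not verified"),
    ("LOGIN_TYPE", "basic", "login_type is basic rather than vault"),
)


def audit_auth_list(xml_bytes):
    """Return (record element, id, title, message) for each reported setting."""
    # ElementTree parses the DOCTYPE line but does not fetch the external DTD.
    root = ET.fromstring(xml_bytes)
    findings = []
    for record in root.iter():
        record_id = record.findtext("ID")
        if record_id is None or record.find("TITLE") is None:
            continue  # not an authentication record element
        title = record.findtext("TITLE", default="").strip()
        for tag, reported, message in CHECKS:
            value = record.findtext(".//" + tag)
            if value is not None and value.strip().lower() == reported:
                findings.append((record.tag, record_id.strip(), title, message))
    return findings


if __name__ == "__main__":
    for sample in (SHAREPOINT_SAMPLE, MARIADB_SAMPLE):
        for finding in audit_auth_list(sample):
            print(" | ".join(finding))
```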
MongoDB Record
/api/2.0/fo/auth/mongodb/
[POST]


Create, update, list and delete MongoDB records for authenticated scans of MongoDB
instances running on Unix. Vulnerability and compliance scans are supported (using VM,
PC).


- Technologies supported: MongoDB 3.x 


- For OS-level checks, make sure the IP addresses you define in your MongoDB records are 
also defined in Unix records. 


- We strongly recommend you create one or more dedicated user accounts to be used 
solely by the Qualys Cloud Platform to authenticate to MongoDB instances. 


Requirement - You must configure authentication credentials on target hosts. 


Download Qualys User Guide - MongoDB Authentication (.pdf) 


Input Parameters 


Parameter Description


action={action} (Required) Specify create, update, delete (using POST) or
list (using GET or POST).


echo_request={0|1} (Optional) Show (echo) the request’s input parameters
(names and values) in the XML output. When not specified,
parameters are not included in the XML output. Specify 1
to view parameters in the XML output.


title={value} (Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii).


comments={value} (Optional) User defined comments. Maximum of 1999
characters.


ids={id1,id2,...} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.


Target Hosts


ips={value} (Required to create record, optional to update record)
Add IP addresses of the hosts you want to scan using this
record.

Overwrites (replaces) the IP address(es) in the IP list for an
existing authentication record. The IPs you specify are
added, and any existing IPs are removed. You may enter a
combination of IPs and IP ranges.


add_ips={value} (Optional to update record) Add IP address(es) to the IP list
for an existing authentication record. You may enter a
combination of IPs and IP ranges.


remove_ips={value} (Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.


network_id={value} (Optional to create or update record, and valid when the
networks feature is enabled) The network ID for the record.


MongoDB


unix_conf_file={value} (Required for create request) The full path to the MongoDB
configuration file on your Unix assets (IP addresses). The
file must be in the same location on all assets for this
record. Maximum 255 characters (ascii).


database_name={value} (Required for create request) The username of the account
to be used for authentication to the database. If password
is specified this is the username of a MongoDB account. If
login_type=vault is specified, this is the username of a
vault account. Maximum 255 characters (ascii).


port={value} (Required for create request) The port where the database
instance is running. Default is 27017.


ssl_verify={0|1}


hosts={value} (Required if ssl_verify=1) A list of FQDNs for all host IP
addresses on which a custom SSL certificate signed by a
trusted root CA is installed.


Login credentials


credential_type=local|external (Optional) The credential type is local by default which
means login credential type is local authentication. You
need to set credential type to external for LDAP
authentication option.


cleartext=0|1 (Optional) You must set credential_type to external to use
cleartext parameter. The default value for cleartext is 0.
You must set this parameter to 1 for successful MongoDB
authentication for LDAP.


login_type={basic|vault|pkcert} (Optional) The login type is basic by default. You can
choose vault (for vault based authentication) or pkcert (for
certificate based authentication).


username={value} (Required to create record when login_type=basic or
login_type=vault)
The username of the MongoDB account to be used for
authentication. Maximum 100 characters (ascii).


password={value} (Required to create record when login_type=basic)
The password of the MongoDB account to be used for
authentication. Maximum 100 characters (ascii).


Vault


vault_type={value} (Required to create record when login_type=vault)
The vault type to be used for authentication.
See Vault Support matrix


vault_id={value} (Required to create record when login_type=vault and you
want to retrieve private key from vault) The vault ID where
you want to retrieve the private key from. Certain vaults
support this capability.


{vault parameters} (Required to create record when login_type=vault)
Vault specific parameters required depend on the vault
type you've selected. See Vault Definition


private_key_vault_id={value} (Required to create record when login_type=vault and you
want to retrieve passphrase from vault) The vault ID where
you want to retrieve the passphrase from. Certain vaults
support this capability. See Vault Support matrix


passphrase_vault_id={value} (For create request, required when login_type=vault and
you want to retrieve passphrase from vault) The vault ID
where you want to retrieve the passphrase from. Certain
vaults support this capability. See Vault Support matrix


private_key={value} (For create request, required when login_type=pkcert) The
private key to be used for authentication. Certain vaults
support this capability. See Vault Support matrix


passphrase={value} (For create request, required when login_type=pkcert and
passphrase_vault_id is not specified) The private key
passphrase value of an encrypted private key. Maximum
255 characters (ascii). Certain vaults support this
capability. See Vault Support matrix


certificate={value} (For create request, optional when login_type=pkcert) The
passphrase X.509 certificate content.


Sample - Create MongoDB record - basic login 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=create&title=API-mongodb-basic-login&username=joe_user&password=12345abc&ips=10.20.32.239&comments=mongo-basic-login&unix_conf_path=/etc/mongod3.conf&port=28020&ssl_verify=0&database_name=admin" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mongodb/" > file.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-12T22:43:27Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>125709</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Create MongoDB record, using SSL 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d \
"action=create&title=API-mongo-basic-login-with-ssl-verify1_hosts&username=mongo-admin&password=test123&ips=10.20.32.239&comments=mongo-basic-login-ssl_hosts&unix_conf_path=/opt/mongodb/&port=27018&ssl_verify=1&hosts=abc123.s2012r2.lab.acme.com,abc123.s2008r2.lab.acme.com" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mongodb/" > file.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-03-12T22:45:06Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>125710</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Create MongoDB record, using vault 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d
"action=create&title=API-mongo-vault-CA_Access&ips=10.20.32.239&comme
-CA-Access-vault_login&unix_conf_path=/opt/mongodb4.conf/&po
login_type=vault&vault_type=CA Access Control&vault_id=166657&end_point_name=name&end_point_type=type&end_point_container=container&username=joe_user"
"https://qualysapi.qualys.com/api/2.0/fo/auth/mongodb/" > file.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-03-12T22:46:47Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>125711</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - Create MongoDB Record for LDAP Authentication 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d \
"action=create&title=Sample1&username=mlqa&password=12345abc&ips=10.20.32.107&comments=Creating through API v2.0&unix_conf_path=/etc/mongod3111.conf&port=28021&ssl_verify=0&database_name=admin&credential_type=external&cleartext=1" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mongodb"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-09-08T06:15:39Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>3052106</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - List MongoDB records


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d \
"action=list&details=All" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mongodb/" > file.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MONGODB_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/mongodb/auth_mongodb_list_output.dtd">
<AUTH_MONGODB_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-09-12T22:42:45Z</DATETIME>
    <AUTH_MONGODB_LIST>
      <AUTH_MONGODB>
        <ID>125693</ID>
        <TITLE><![CDATA[API-mongo-basic-login]]></TITLE>
        <USERNAME><![CDATA[mongo-admin-name]]></USERNAME>
        <DATABASE><![CDATA[db-admin-name]]></DATABASE>
        <PORT>28020</PORT>
        <UNIX_CONFIGURATION_FILE><![CDATA[/opt/mongodb/updated]]></UNIX_CONFIGURATION_FILE>
        <IP_SET>
          <IP>10.20.32.239</IP>
        </IP_SET>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <NETWORK_ID>0</NETWORK_ID>
        <CREATED>
          <DATETIME>2017-09-12T20:22:09Z</DATETIME>


DTDs for auth type “mongodb” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/mongodb/auth_mongodb_list_output.dtd 
MS Exchange Server
/api/2.0/fo/auth/ms_exchange/ 
[POST] 


Create, update, list and delete MS Exchange Server authentication records. Compliance 
scans are supported (using PC). 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) or
list (using GET or POST).


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.


ids={value} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.


title={value} (Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii).


comments={value} (Optional to create or update record) User defined
comments. Maximum of 1999 characters.


Target Hosts


ips={value} (Required to create record) The IP address(es) the server
will log into using the record’s credentials. Multiple entries
are comma separated.


(Optional to update record) IPs specified will overwrite
existing IPs in the record, and existing IPs will be removed.


add_ips={value} (Optional to update record) Add IPs to the IPs list for this
record. Multiple IPs/ranges are comma separated.


remove_ips={value} (Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.


This parameter and the ips parameter cannot be specified
in the same request.


network_id={value} (Optional and valid when the networks feature is enabled)
The network ID for the record.


Sample - Create MS Exchange Server record 
API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=create&network_id=0&title=fordeltes&comments=editapicomment&ips=10.10.10.31" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_exchange/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-03-20T08:26:54Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>49029</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - List MS Exchange Server records 


Use the new MS Exchange Server Authentication Record List API 
(/api/2.0/fo/auth/ms_exchange/?action=list) to list MS Exchange Server records. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=list&details=Basic" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_exchange/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MS_EXCHANGE_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_exchange/auth_ms_exchange_list_output.dtd">
<AUTH_MS_EXCHANGE_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2019-03-20T07:26:38Z</DATETIME>
<AUTH_MS_EXCHANGE_LIST>
<AUTH_MS_EXCHANGE>
<ID>48050</ID>
<TITLE>
<![CDATA[msexchange01]]>
</TITLE>
<IP_SET>
<IP>10.10.10.10</IP>
</IP_SET>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2019-03-14T07:05:05Z</DATETIME>
<BY>quays_spl</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2019-03-14T07:05:05Z</DATETIME>
</LAST_MODIFIED>
<COMMENTS>
<![CDATA[msexchange]]>
</COMMENTS>
</AUTH_MS_EXCHANGE>
<AUTH_MS_EXCHANGE>
<ID>49026</ID>
<TITLE>
<![CDATA[apicreate]]>
</TITLE>
<IP_SET>
<IP>10.10.10.13</IP>
</IP_SET>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2019-03-19T11:46:23Z</DATETIME>
<BY>quays_spl</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2019-03-19T11:56:57Z</DATETIME>
</LAST_MODIFIED>
<COMMENTS>
<![CDATA[editapicomment]]>
</COMMENTS>
</AUTH_MS_EXCHANGE>
</AUTH_MS_EXCHANGE_LIST>
</RESPONSE>
</AUTH_MS_EXCHANGE_LIST_OUTPUT>


DTDs for auth type “ms_exchange” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/ms_exchange/auth_ms_exchange_list_output.dtd 
Sample: Update MS Exchange Server record


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=update&ids=49029&title=forupdate&comments=editwapicomment&ips=10.10.10.11" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_exchange/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-03-20T08:29:48Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>49029</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample: Delete MS Exchange Server record (single) 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=delete&ids=49026" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_exchange/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-03-20T07:56:00Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>49026</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample: Delete MS Exchange Server records (bulk) 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d \
"action=delete&ids=49028,49029" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_exchange/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-03-20T08:31:35Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID_RANGE>49028-49029</ID_RANGE>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
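

The ids parameter accepts single IDs and ranges, and the bulk delete response above reports the affected records as an ID_RANGE rather than separate ID elements. The following added example (not part of the Qualys guide) expands both forms and lists any requested ID that the response did not acknowledge. The function names and the MAX_IDS limit are hypothetical; the embedded response is the bulk delete output above.

```python
import xml.etree.ElementTree as ET

# Bulk delete response from the sample above, embedded so the example runs offline.
BULK_DELETE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-03-20T08:31:35Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID_RANGE>49028-49029</ID_RANGE>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>"""

MAX_IDS = 100_000  # assumption: refuse absurd ranges instead of exhausting memory


def expand_ids(spec):
    """Expand "49028,49029" or "1359-1407" (or a mix of both) into a set of ints."""
    ids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        first = int(low)
        last = int(high) if high else first
        if last < first or last - first >= MAX_IDS:
            raise ValueError(f"bad ID range: {part!r}")
        ids.update(range(first, last + 1))
    return ids


def parse_batch_return(xml_text):
    """Return [(status_text, ids)] for every BATCH element of a BATCH_RETURN document."""
    # The DOCTYPE names an external DTD; the standard-library parser does not fetch it.
    root = ET.fromstring(xml_text.strip())
    if root.tag != "BATCH_RETURN":
        raise ValueError(f"unexpected root element {root.tag!r}")
    batches = []
    for batch in root.iterfind("./RESPONSE/BATCH_LIST/BATCH"):
        ids = set()
        for element in batch.iterfind("./ID_SET/*"):
            if element.tag in ("ID", "ID_RANGE"):
                ids |= expand_ids(element.text or "")
        batches.append(((batch.findtext("TEXT") or "").strip(), ids))
    return batches


def unacknowledged(requested, xml_text, expected_text):
    """IDs that were requested but not reported under expected_text."""
    confirmed = set()
    for text, ids in parse_batch_return(xml_text):
        if text == expected_text:
            confirmed |= ids
    return expand_ids(requested) - confirmed


if __name__ == "__main__":
    print(parse_batch_return(BULK_DELETE_RESPONSE))
    print(sorted(unacknowledged("49027-49029", BULK_DELETE_RESPONSE,
                                "Successfully Deleted")))
```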


MS SQL Record
/api/2.0/fo/auth/ms_sql/ 
[POST] 


Create, update, list and delete MS SQL Server authentication records. Compliance scans 
are supported (using PC). 


Requirement - You must configure authentication credentials on target hosts. 
Download Qualys User Guide - MS SQL Server 2000 Authentication (.pdf) 
Download Qualys User Guide - MS SQL Server 2005-2019 Authentication (.pdf) 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 


ids={value} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.


title={value} (Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii).


comments={value} (Optional) User defined comments. Maximum 1999
characters.


Login credentials 


username={value} (Required to create record, optional to update record) The 
user account to be used for authentication. May include 1- 
128 characters. 


password={value} (Required to create record, optional to update record) The 
password corresponding to the user account defined in the 
record for authentication. May include 1-128 characters. 


db_local={0|1} (Optional to create or update record) Set to 1 when login
credentials are for a MS SQL Server database account (for
Windows or Unix). Set to 0 when login credentials are for a
Microsoft Windows operating system account that is
associated with a MS SQL Server database account. For
create record, if the db_local parameter is unspecified, the
flag is set to 1.


windows_domain={value} 


(Required when db_local=0, otherwise invalid) 


The domain name where the login credentials are stored 
when the login credentials are for a Microsoft Windows 
operating system account that is associated with a MS SQL 
Server database account. The domain name may include 
1-256 characters (ascii). 


For an update request when the credentials for the record
are for a Microsoft Windows account (db_local=0) and you
want to change the record to use credentials for a MS SQL
Server account (db_local=1) note the following. You must
set windows_domain="" (the empty string) to clear the
current parameter setting.


auth_os_type={unix|windows}


(Optional when db_local=1) Specify “unix” when the OS
type is Unix and “windows” when the OS type is Windows.


mssql_unix_insta_path={value}


(Optional when auth_os_type=unix) Specify the path to the
MS SQL Server instance directory on Unix hosts. Sample
value: /var/opt/mssql


mssql_unix_conf_path={value}


(Optional when auth_os_type=unix) Specify the path to the
MS SQL Server configuration file on Unix hosts. Sample
value: /var/opt/mssql/mssql.conf


instance={value} 


(Optional to create or update record for Windows, Required 
to create record for Unix and Optional to update record for 
Unix) The name of the database instance to be scanned. 
This is the instance name assigned to the TCP/IP port. 
Important: This is not the host name that is assigned to the 
MS SQL Server instance name (see “MS SQL Server Instance 
Name” in the Qualys online help for information). The 
instance name may include a maximum of 128 characters
(ascii).


If the instance parameter is not specified for Windows, the 
instance name is set to “MSSQLSERVER”. 


These parameters are mutually exclusive: instance and 
auto_discover_instances=1. 


auto_discover_instances={0|1}


(Optional when auth_os_type=windows) Set 
auto_discover_instances=1 and we'll find all MS SQL Server 
instance names on each Windows host. Note that Windows 
authentication is required in order for us to auto discover 
instance names. Set up Windows authentication records 
for the hosts running MS SQL Servers. 


These parameters are mutually exclusive: instance and 
auto_discover_instances=1. 
database={value}


(Optional to create or update record) The database name of 
the database to be scanned. The database name may 
contain a maximum of 128 characters. For a create 
request, if the database name is unspecified, the database 
name is set to “master”. 


auto_discover_databases={0|1}


(Optional to create or update record) Set 
auto_discover_databases=1 and we'll find all MS SQL 
Server database names on each host. 


These parameters are mutually exclusive: database and 
auto_discover_databases=1. 


port={value} 


(Required to create record, optional to update record)
The port number assigned to the database instance to be
scanned.


To create a record you must specify one of these 
parameters: port or auto_discover_ports=1. These 
parameters are mutually exclusive. 


auto_discover_ports={0|1} 


Set auto_discover_ports=1 and for each host we'll find all 
ports MS SQL Server is running on. Note that 
Unix/Windows authentication is required for us to auto 
discover ports. Set up Unix/Windows authentication 
records for your hosts running MS SQL Server. 


To create a record you must specify one of these 
parameters: port or auto_discover_ports=1. These 
parameters are mutually exclusive. 


Target Hosts 


ips={value} 


You may enter a combination of IPs and IP ranges to 
identify compliance hosts. Multiple entries are comma 
separated. 


(Optional to update record) Overwrites (replaces) the IP list
for the authentication record. The IPs you specify are 
added and any existing IPs are removed. 


For create request, it is required to specify either this 
parameter or member_domain parameter. 


For update request, this parameter and the add_ips or 
remove_ips or member_domain parameter cannot be 
specified in the same request. 


add_ips={value} 


(Optional to update record) You may enter a combination 
of IPs and IP ranges to identify compliance hosts. Multiple 
entries are comma separated. 


This parameter is used to update an existing IP list in an 
existing authentication record. Specifies one or more IP 
addresses to add to the IP list for the authentication record. 


This parameter and the ips or member_domain parameter 
cannot be specified in the same request. 


remove_ips={value} 


(Optional for update request only) IPs to be removed from 
your record. You may enter a combination of IPs and 
ranges. Multiple entries are comma separated. 


This parameter and the ips or member_domain parameter 
cannot be specified in the same request. 


network_id={value} 


(Optional and only valid when the networks feature is 
enabled) The network ID for the record. 


member_domain={value} 


(Optional and only valid for Windows) Defines the domain 
of the MS SQL server for the authentication record. 


For create request, it is required to specify either this 
parameter or ips or add_ips parameter. 


For update request, this parameter and the ips or add_ips 
or remove_ips parameter cannot be specified in the same 
request. 


Protocols (Windows only) 


kerberos={0|1} 


(Optional to create or update record) When not specified, 
Kerberos is enabled allowing the scanning engine to try 
Kerberos when negotiating authentication to target hosts. 
Specify kerberos=0 if you do not want Kerberos attempted. 


ntlmv2={0|1} 


(Optional to create or update record) When not specified,
NTLMv2 is enabled allowing the scanning engine to try
NTLMv2 when negotiating authentication to target hosts.
Specify ntlmv2=0 if you do not want NTLMv2 attempted.


ntlmv1={0|1}


(Optional to create or update record) When not specified,
NTLMv1 will not be attempted. Specify ntlmv1=1 to try
NTLMv1 when negotiating authentication to target hosts.
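

The MS SQL parameter table above carries several cross-parameter rules (mutually exclusive pairs, the db_local and windows_domain dependency, the target host combinations). The following added example, which is not Qualys code, checks a create or update parameter set against those rules before it is sent. The function and constant names are hypothetical, and where the table is ambiguous (which target host parameters satisfy a create request) the stricter reading of the ips entry is assumed.

```python
# Added example: client-side check of ms_sql create/update parameters against
# the rules in the parameter table above. All names here are hypothetical.

# A fixed value and its auto-discover flag cannot be sent together.
EXCLUSIVE = [
    ("instance", "auto_discover_instances"),
    ("database", "auto_discover_databases"),
    ("port", "auto_discover_ports"),
]
# Maximum lengths stated in the table.
MAX_LEN = {"title": 255, "comments": 1999, "username": 128, "password": 128,
           "windows_domain": 256, "instance": 128, "database": 128}

# Parameters of the two create samples in this section (the guide's sample values).
UNIX_CREATE = {
    "action": "create", "title": "MSSQL_UNIX", "username": "root",
    "password": "root", "db_local": "1", "ips": "10.10.10.10",
    "auto_discover_ports": "1", "auto_discover_databases": "1",
    "auth_os_type": "unix", "instance": "mssql",
    "mssql_unix_conf_path": "/var/opt/mssql/mssql.conf",
    "mssql_unix_insta_path": "/var/opt/mssql",
}
WINDOWS_CREATE = {
    "action": "create", "title": "mssqlvt4", "username": "administrator",
    "password": "abc123", "db_local": "1", "port": "8012",
    "member_domain": "sitedomain.com", "echo_request": "1",
    "comments": "authcreated", "instance": "MSSQLSERVER", "database": "master",
}


def validate_ms_sql(params):
    """Return a list of rule violations; an empty list means no rule is broken."""
    p = {k: str(v) for k, v in params.items()}
    action = p.get("action")
    if action not in ("create", "update", "delete", "list"):
        return ["action must be create, update, delete or list"]
    errors = []
    if action in ("update", "delete") and not p.get("ids"):
        errors.append("ids is required to update or delete")
    if action not in ("create", "update"):
        return errors

    for name, limit in MAX_LEN.items():
        if len(p.get(name, "")) > limit:
            errors.append(f"{name} exceeds {limit} characters")
    for fixed, flag in EXCLUSIVE:
        if fixed in p and p.get(flag) == "1":
            errors.append(f"{fixed} and {flag}=1 are mutually exclusive")

    # db_local defaults to 1 on create; windows_domain belongs to db_local=0 only.
    # An empty windows_domain is allowed with db_local=1: it clears the old value.
    db_local = p.get("db_local", "1" if action == "create" else None)
    if db_local == "0" and not p.get("windows_domain"):
        errors.append("windows_domain is required when db_local=0")
    if db_local == "1" and p.get("windows_domain"):
        errors.append("windows_domain is invalid when db_local=1")

    # OS-specific parameters are checked only when auth_os_type is in this request.
    os_type = p.get("auth_os_type")
    if os_type is not None and os_type not in ("unix", "windows"):
        errors.append("auth_os_type must be unix or windows")
    if os_type == "windows":
        for name in ("mssql_unix_insta_path", "mssql_unix_conf_path"):
            if name in p:
                errors.append(f"{name} applies to auth_os_type=unix only")
    if os_type == "unix" and p.get("auto_discover_instances") == "1":
        errors.append("auto_discover_instances=1 applies to auth_os_type=windows")

    if action == "create":
        for name in ("title", "username", "password"):
            if not p.get(name):
                errors.append(f"{name} is required to create")
        if "port" not in p and p.get("auto_discover_ports") != "1":
            errors.append("create needs port or auto_discover_ports=1")
        if not p.get("ips") and not p.get("member_domain"):
            errors.append("create needs ips or member_domain")
        if os_type == "unix" and not p.get("instance"):
            errors.append("instance is required to create a Unix record")
    else:
        # update: ips or member_domain replaces the targets; add/remove edits them.
        whole = [n for n in ("ips", "member_domain") if n in p]
        delta = [n for n in ("add_ips", "remove_ips") if n in p]
        if len(whole) > 1 or (whole and delta):
            errors.append("cannot combine: " + ", ".join(whole + delta))
    return errors


if __name__ == "__main__":
    print(validate_ms_sql(UNIX_CREATE), validate_ms_sql(WINDOWS_CREATE))
```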
Sample - Create MS SQL Record for Unix


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=create&title=MSSQL_UNIX&username=root&password=root&db_local=1&ips=10.10.10.10&auto_discover_ports=1&auto_discover_databases=1&auth_os_type=unix&instance=mssql&mssql_unix_conf_path=/var/opt/mssql/mssql.conf&mssql_unix_insta_path=/var/opt/mssql" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"


Response:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2021-05-17T08:26:31Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>103473</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - List record for Windows using member domain 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=list&echo_request=1&ids=13907" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MS_SQL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/auth_ms_sql_list_output.dtd">
<AUTH_MS_SQL_LIST_OUTPUT>
<REQUEST>
<DATETIME>2017-09-20T05:34:37Z</DATETIME>
<USER_LOGIN>user_john</USER_LOGIN>
<RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/</RESOURCE>
<PARAM_LIST>
<PARAM>
<KEY>action</KEY>
<VALUE>list</VALUE>
</PARAM>
<PARAM>
<KEY>echo_request</KEY>
<VALUE>1</VALUE>
</PARAM>
<PARAM>
<KEY>ids</KEY>
<VALUE>13907</VALUE>
</PARAM>
</PARAM_LIST>
</REQUEST>
<RESPONSE>
<DATETIME>2017-09-20T05:34:37Z</DATETIME>
<AUTH_MS_SQL_LIST>
<AUTH_MS_SQL>
<ID>13907</ID>
<TITLE><![CDATA[mssqlvt4]]></TITLE>
<USERNAME><![CDATA[administrator]]></USERNAME>
<NTLM_V2>1</NTLM_V2>
<KERBEROS>1</KERBEROS>
<INSTANCE><![CDATA[MSSQLSERVER]]></INSTANCE>
<DATABASE><![CDATA[master]]></DATABASE>
<PORT>8012</PORT>
<DB_LOCAL>1</DB_LOCAL>
<MEMBER_DOMAIN><![CDATA[sitedomain.com]]></MEMBER_DOMAIN>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2017-09-20T05:26:31Z</DATETIME>
<BY>user_john</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2017-09-20T05:26:31Z</DATETIME>
</LAST_MODIFIED>
<COMMENTS><![CDATA[authcreated]]></COMMENTS>
</AUTH_MS_SQL>
</AUTH_MS_SQL_LIST>
</RESPONSE>
</AUTH_MS_SQL_LIST_OUTPUT>


Sample - Create record for Windows using member domain


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=create&title=mssqlvtl&username=administrator&password=abc123&db_local=1&port=8012&member_domain=sitedomain.com&echo_request=1&comments=authcreated&instance=MSSQLSERVER&database=master" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<REQUEST>
<DATETIME>2018-03-20T05:26:31Z</DATETIME>
<USER_LOGIN>user_john</USER_LOGIN>
<RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/</RESOURCE>
<PARAM_LIST>
<PARAM>
<KEY>action</KEY>
<VALUE>create</VALUE>
</PARAM>
<PARAM>
<KEY>title</KEY>
<VALUE>mssqlvt4</VALUE>
</PARAM>
<PARAM>
<KEY>username</KEY>
<VALUE>administrator</VALUE>
</PARAM>
<PARAM>
<KEY>password</KEY>
<VALUE>abc123</VALUE>
</PARAM>
<PARAM>
<KEY>db_local</KEY>
<VALUE>1</VALUE>
</PARAM>
<PARAM>
<KEY>port</KEY>
<VALUE>8012</VALUE>
</PARAM>
<PARAM>
<KEY>member_domain</KEY>
<VALUE>sitedomain.com</VALUE>
</PARAM>
<PARAM>
<KEY>echo_request</KEY>
<VALUE>1</VALUE>
</PARAM>
<PARAM>
<KEY>comments</KEY>
<VALUE>authcreated</VALUE>
</PARAM>
<PARAM>
<KEY>instance</KEY>
<VALUE>MSSQLSERVER</VALUE>
</PARAM>
<PARAM>
<KEY>database</KEY>
<VALUE>master</VALUE>
</PARAM>
</PARAM_LIST>
</REQUEST>
<RESPONSE>
<DATETIME>2018-03-20T05:26:31Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>13907</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update record for Windows using member domain 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=update&echo_request=1&ids=13907&member_domain=webdomain.com" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<REQUEST>
<DATETIME>2018-03-20T05:37:13Z</DATETIME>
<USER_LOGIN>user_john</USER_LOGIN>
<RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/</RESOURCE>
<PARAM_LIST>
<PARAM>
<KEY>action</KEY>
<VALUE>update</VALUE>
</PARAM>
<PARAM>
<KEY>ids</KEY>
<VALUE>13907</VALUE>
</PARAM>
<PARAM>
<KEY>echo_request</KEY>
<VALUE>1</VALUE>
</PARAM>
<PARAM>
<KEY>member_domain</KEY>
<VALUE>webdomain.com</VALUE>
</PARAM>
</PARAM_LIST>
</REQUEST>
<RESPONSE>
<DATETIME>2018-03-20T05:37:13Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET><ID>13907</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


DTDs for auth type “ms_sql”


<platform API server>/api/2.0/batch_return.dtd


<platform API server>/api/2.0/fo/auth/ms_sql/auth_ms_sql_list_output.dtd
MySQL Record
/api/2.0/fo/auth/mysql/ 
[POST] 


Create, update, list and delete MySQL records for authenticated scans of MySQL Server 
instances. Vulnerability and compliance scans are supported (using VM, PC). 


Requirement - You must configure authentication credentials on target hosts. 


Download Qualys User Guide - MySQL Authentication (.zip) 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST)
or list (using GET or POST).


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in
the XML output. By default these are not included.


ids={value} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.


title={value} (Required to create record) A title for the record. The
title must be unique. Maximum 255 characters (ascii).


comments={value} (Optional to create or update record) User defined
comments. Maximum of 1999 characters.


ssl_verify={0|1} (Optional to create or update record, and valid for
server that supports SSL) Specify 1 for a complete SSL
certificate validation.


- If unspecified (or ssl_verify=0), Qualys scanners
authenticate with MySQL Servers that don't use SSL or
MySQL servers that use SSL. However, in the SSL case,
the server SSL certificate verification will be skipped.


- If ssl_verify=1, the Qualys scanners will only send a
login request after verifying that a connection to the
MySQL server uses SSL, the server SSL certificate is
valid and matches the scanned host.


hosts={value} (Optional to create or update record) A list of FQDNs for
the hosts that correspond to all host IP addresses on
which a custom SSL certificate signed by a trusted root
CA is installed. Multiple hosts are comma separated.


database={value}


(Required to create, optional to update record) The
database name to authenticate to. Specify a valid
MySQL database name.


port={value}


(Required to create, optional to update record) The port
the database name is running on.


windows_config_file={value}


(Optional to create or update record) The path to the
Windows MySQL config file. Access to this config file is
required to run certain checks on Windows hosts.


Note: You must specify either windows_config_file or
unix_config_file depending on the host OS.


unix_config_file={value}


(Optional) Name of the client (Consultant type
subscriptions).


Note: You must specify either windows_config_file or
unix_config_file depending on the host OS.


client_cert={value}


(Optional to create or update record) PEM-encoded
X.509 certificate. Specify if certificate authentication is
required by your server to establish an SSL connection.


client_key={value}


(Optional to create or update record) PEM-encoded RSA
private key. Specify if certificate authentication is
required by your server to establish an SSL connection.


Login credentials


login_type={basic|vault}


(Optional) The login type is basic by default. Specify
login_type=vault to use an authentication vault.


username={value}


(Required to create record, optional to update record)
The username of the account to be used for
authentication. If password is specified this is the
username of a MySQL account. If login_type=vault is
specified, this is the username of a vault account.


password={value}


(Required to create record, optional to update record)
The password to be used for authentication to MySQL
server. Maximum 100 characters (ascii).


Vault


vault_type={value}


(Required only when action=create and login_type=
vault) The vault to be used for authentication. See
Vault Support matrix.


vault_id={value}


(Required only when action=create and login_type=
vault) The ID of the vault you want to use.


{vault parameters}


(Required only when action=create and
login_type=vault) Vault specific parameters required
depend on the vault type you've selected. See Vault
Definition.


Target Hosts 
ips={value} (Required to create record) The IP address(es) the server
will log into using the record's credentials. Multiple
entries are comma separated.


(Optional to update record) IPs specified will overwrite
existing IPs in the record, and existing IPs will be
removed.


add_ips={value} (Optional to update record) Add IPs to the IPs list for 
this record. Multiple IPs/ranges are comma separated. 


remove_ips={value} (Optional to update record) IPs to be removed from 
your record. You may enter a combination of IPs and 
ranges. Multiple entries are comma separated. 


This parameter and the ips or member_domain 
parameter cannot be specified in the same request. 


network_id={value} (Optional and valid when the networks feature is 
enabled) The network ID for the record. 


Sample - List MySQL record 


You'll see vault information in the XML output when you list MySQL authentication 
records with vaults. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=list&ids=284212" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MYSQL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/auth_mysql_list_output.dtd">
<AUTH_MYSQL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-07-17T17:09:18Z</DATETIME>
<AUTH_MYSQL_LIST>
<AUTH_MYSQL>
<ID>284212</ID>
<TITLE><![CDATA[api-Thycotic Secret Server tss]]></TITLE>
<USERNAME><![CDATA[test_tss]]></USERNAME>
<DATABASE><![CDATA[mysql]]></DATABASE>
<PORT>22</PORT>
<HOSTS>
<HOST><![CDATA[www.test.com]]></HOST>
</HOSTS>
<IP_SET>
<IP>10.10.10.181</IP>
</IP_SET>
<LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID><![CDATA[166638]]></DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE><![CDATA[Thycotic Secret Server]]></DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE><![CDATA[3 Secret Server]]></DIGITAL_VAULT_TITLE>
<VAULT_SECRET_NAME><![CDATA[secret]]></VAULT_SECRET_NAME>
</DIGITAL_VAULT>
<SSL_VERIFY>true</SSL_VERIFY>
<WINDOWS_CONF_FILE><![CDATA[c:\mysql\myu.ini]]></WINDOWS_CONF_FILE>
<UNIX_CONF_FILE><![CDATA[]]></UNIX_CONF_FILE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2018-07-16T21:53:55Z</DATETIME>
<BY>seenu_yn</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2018-07-16T21:55:05Z</DATETIME>
</LAST_MODIFIED>
<COMMENTS><![CDATA[test comments]]></COMMENTS>
</AUTH_MYSQL>
</AUTH_MYSQL_LIST>
</RESPONSE>
</AUTH_MYSQL_LIST_OUTPUT>


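Because ssl_verify is off for MySQL records unless it is set, the list output is the place to find records whose scans log in without validating the server certificate. The following added example (not part of the Qualys guide) reads an AUTH_MYSQL_LIST_OUTPUT document, reports every record whose SSL_VERIFY is not "true", and builds the form data for one update request that enables verification. The function names are hypothetical, the second record is constructed, and "false" as the disabled value is an assumption because the guide only shows "true".

```python
import xml.etree.ElementTree as ET

# Constructed list output: the first record uses values from the sample above,
# the second record is made up to show a record without certificate verification.
SAMPLE_LIST = """<?xml version="1.0" encoding="UTF-8" ?>
<AUTH_MYSQL_LIST_OUTPUT>
<RESPONSE>
<AUTH_MYSQL_LIST>
<AUTH_MYSQL>
<ID>284212</ID>
<TITLE><![CDATA[api-Thycotic Secret Server tss]]></TITLE>
<HOSTS><HOST><![CDATA[www.test.com]]></HOST></HOSTS>
<IP_SET><IP>10.10.10.181</IP></IP_SET>
<LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE>
<SSL_VERIFY>true</SSL_VERIFY>
</AUTH_MYSQL>
<AUTH_MYSQL>
<ID>900001</ID>
<TITLE><![CDATA[constructed-basic-record]]></TITLE>
<IP_SET><IP>192.0.2.10</IP></IP_SET>
<LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
<SSL_VERIFY>false</SSL_VERIFY>
</AUTH_MYSQL>
</AUTH_MYSQL_LIST>
</RESPONSE>
</AUTH_MYSQL_LIST_OUTPUT>"""


def unverified_mysql_records(xml_text):
    """Return one dict per record whose SSL_VERIFY is missing or not "true"."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for record in root.iter("AUTH_MYSQL"):
        verify = (record.findtext("SSL_VERIFY") or "").strip().lower()
        if verify == "true":
            continue
        findings.append({
            "id": (record.findtext("ID") or "").strip(),
            "title": (record.findtext("TITLE") or "").strip(),
            "login_type": (record.findtext("LOGIN_TYPE") or "").strip(),
            "ips": [ip.text for ip in record.iterfind("./IP_SET/IP")],
            "hosts": [host.text for host in record.iterfind("./HOSTS/HOST")],
        })
    return findings


def remediation_request(findings):
    """Form data for one action=update call that sets ssl_verify=1 on all findings."""
    if not findings:
        return None
    return {
        "action": "update",
        "ids": ",".join(finding["id"] for finding in findings),
        "ssl_verify": "1",
    }


if __name__ == "__main__":
    found = unverified_mysql_records(SAMPLE_LIST)
    for finding in found:
        print(finding)
    print(remediation_request(found))
```

With ssl_verify=1 the scanner only logs in after the server certificate validates and matches the scanned host, so check the certificates and the hosts list of the affected records before sending the update.

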
Sample - Create new MySQL record


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d \
"action=create&title=NewMySQLRecord&username=USERNAME&password=PASSWORD&ips=10.10.31.84&echo_request=1&windows_config_file=c:\mysql\my.ini&port=22&database=mysql" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-07-27T17:02:23Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>291734</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Create MySQL record, using vault 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=create&ips=10.10.10.189&username=USERNAME&title=api-Cyberark-vault_19&ssl_verify=1&login_type=vault&vault_type=CyberArk PIM Suite&vault_id=166655&folder=folder&file=file&hosts=www.test1.com&comments=test comments&port=8080&database=mysqldb&windows_config_file=c:\mysql\myu.ini&unix_config_file=/etc/updated/my.ucnf" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-07-27T17:14:57Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>291735</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update MySQL record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "action=update&ids=137296922&password=NEWPASSWORD" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/"


XML output:


<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-01-23T17:14:28Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>137296922</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update vault details in MySQL record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d \
"action=update&ids=272380&ips=10.10.10.19&username=USERNAME&title=NewMySQLRecord&ssl_verify=0&login_type=vault&vault_type=CyberArk PIM Suite&vault_id=248308&folder=folder&file=file&hosts=www.qualys.com&comments=test comments updated" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-07-27T21:53:55Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>284212</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


DTDs for auth type “mysql”


<platform API server>/api/2.0/batch_return.dtd


<platform API server>/api/2.0/fo/auth/mysql/auth_mysql_list_output.dtd
Neo4j Record
/api/2.0/fo/auth/neo4j/
[POST]


Create, update, list and delete Neo4j authentication records. Compliance scans are
supported (using PC and SCA). User permissions for this API are the same as other
authentication record APIs.


Requirement - You must configure authentication credentials on target hosts. 


Download Qualys User Guide - Neo4j Authentication 


Input Parameters 


Parameter Description


action={action} 


(Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


ids={value} 


(Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} 


(Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii).


ips={value}


(Required to create record) Enter a combination of IPs and
IP ranges to identify compliance hosts. Multiple entries are
comma separated.


add_ips={value}


(Optional and valid only to update record) Add IPs to the IP
list for an existing record. You may enter a combination of
IPs and IP ranges. Multiple entries are comma separated.


remove_ips={value}


(Optional and valid only to update record) IPs to be
removed from your record. You may enter a combination of
IPs and ranges. Multiple entries are comma separated.


database={value}


(Optional to create or update record) The database name of
the Neo4j database to be scanned. The database name may
contain a maximum of 255 multi-byte characters.


port={value}


(Required to create record, optional to update record) The
port number assigned to the database instance to be
scanned.


login_type={basic|vault}


(Optional) The login type is basic by default. You can
choose vault (for vault based authentication).


username={value}


(Required to create record, optional to update record) The
username to be used for authentication to Neo4j.


password={value}


(Required to create record) When login_type=basic, specify
the password to be used for authentication to Neo4j.
Maximum 100 characters (ascii).


vault_id={value}


(Required if login_type=vault) The ID of the vault to be used
to retrieve the password for login.


vault_type={value}


(Required if login_type=vault) The third party vault to be
used to retrieve the password for login. Certain vaults
support this capability.


ssl_verify={0|1}


(Optional to create or update record, and valid for server
that supports SSL) Specify 1 for a complete SSL certificate
validation.


- If ssl_verify=0, the Qualys scanners authenticate with Neo4j
servers that don’t use SSL or Neo4j servers that use SSL.
However, in the SSL case, the server SSL certificate
verification will be skipped.


- If unspecified (or ssl_verify=1), the Qualys scanners will
only send a login request after verifying that a connection
to the Neo4j server uses SSL, the server SSL certificate is
valid and matches the scanned host.


hosts={value}


(Required only when ssl_verify is enabled) A list of FQDNs
for the hosts that correspond to all host IP addresses on 
which a custom SSL certificate signed by a trusted root CA 
is installed. Multiple hosts are comma separated. 


neo4j_version={value} 


Optional) Specifies the Neo4j version. Only Neo4j 3.x 
version is supported at this time. Valid value is “neo4j 3.x” 
case insensitive). When unspecified, Neo4j 3.x is used. 


unix_base_path={value} 


Optional) The base path for Neo4j on your Unix hosts. 
Sample value: /opt/neo4j-enterprise-3.5.16/ 


nstead of specifying the path information, you can choose 
to auto discover the base and configuration paths by 
specifying neo4j_auto_path=1. 


unix_conf_path={value} 


(Optional) The path to the Neo4j configuration file on your 
Unix hosts. Sample value: /opt/neo4j-enterprise- 
3.5.16/conf/neo4j.conf 


Note that the configuration file must be in the same 
location for all hosts (IPs) included in the record. Instead of 
specifying path information, you can choose to auto 
discover the base and configuration paths by specifying 
neo4j_auto_path=1. 


neo4j_auto_path=(0|1} 


(Optional) When unspecified or neo4j_auto_path=0 (false), 
we will not use auto discovery to find the base and 
configuration paths for Neo4j on your Unix hosts. Use the 
unix_base_path and unix_conf_path input parameters to 
specify path information. 


When neo4j_auto_path=1 (true) we will auto discover the 
base and configuration paths for Neo4j on your Unix hosts. 
Sample: Create Neo4j Record

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=create&title=neo4j-recordAuth Record&username=root&password=rootl&database=graph.db&port=7687&ips=1.1.1.4&unix_conf_path=/opt/neo4j-enterprise-3.5.16/conf/neo4j.conf&unix_base_path=/opt/neo4j-enterprise-3.5.16/&neo4j_version=neo4j 3.x&neo4j_auto_path=0" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/neo4j/"

Response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-03-15T11:56:08Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>101430</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample: Update Neo4j Record

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=update&title=Neo4j Auth Record&username=root&password=rootl&database=graph.db&port=7689&ips=1.1.1.1&ids=101430&unix_conf_path=/opt/neo4j-enterprise-3.5.16/conf/neo4j.conf&unix_base_path=/opt/neo4j-enterprise-3.5.16/&neo4j_version=neo4j 3.x&neo4j_auto_path=0" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/neo4j/"

Response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-03-15T11:56:08Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>101430</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample: List Neo4j Record

You'll see Neo4j record IDs in the output when you have Neo4j records in your account.

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=list" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/neo4j/"

Response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_NEO4J_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/neo4j/auth_neo4j_list_output.dtd">
<AUTH_NEO4J_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2021-05-24T10:23:14Z</DATETIME>
    <AUTH_NEO4J_LIST>
      <AUTH_NEO4J>
        <ID>4815851</ID>
        <TITLE><![CDATA[Neo4j Sample]]></TITLE>
        <USERNAME><![CDATA[root]]></USERNAME>
        <DATABASE><![CDATA[alpha]]></DATABASE>
        <PORT>123</PORT>
        <SSL_VERIFY><![CDATA[0]]></SSL_VERIFY>
        <IP_SET>
          <IP>10.10.10.10</IP>
          <IP>10.10.10.20</IP>
        </IP_SET>
        <UNIX_CONF_PATH><![CDATA[/opt/neo4j-enterprise-3.5.16/conf/neo4j.conf]]></UNIX_CONF_PATH>
        <UNIX_BASE_PATH><![CDATA[/opt/neo4j-enterprise-3.5.16/]]></UNIX_BASE_PATH>
        <VERSION><![CDATA[Neo4j 3.x]]></VERSION>
        <AUTO_PATH><![CDATA[0]]></AUTO_PATH>
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
        <NETWORK_ID>0</NETWORK_ID>
        <CREATED>
          <DATETIME>2021-05-24T10:46:38Z</DATETIME>
          <BY>joe_user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2021-05-24T10:48:36Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_NEO4J>
    </AUTH_NEO4J_LIST>
  </RESPONSE>
</AUTH_NEO4J_LIST_OUTPUT>
Sample: Delete Neo4j Records

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=delete&ids=4620768" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/neo4j/"

Response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-04-01T13:12:51Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID>4620768</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

DTDs for auth type “neo4j”

<platform API server>/api/2.0/batch_return.dtd
<platform API server>/api/2.0/fo/auth/neo4j/auth_neo4j_list_output.dtd
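
The create, update and delete calls above all answer with a BATCH_RETURN document, and the ids parameter accepts IDs and ranges. The following is an added example, not part of the Qualys guide: it expands an ids value and checks that every requested ID is reported back under the expected TEXT, so a partially applied change is noticed. The function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed response, modelled on the "Successfully Deleted" samples in this guide.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-08-27T11:38:07Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID>5146726</ID>
          <ID>5146728</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>"""


def expand_ids(spec):
    """Expand an ids= value such as "1359-1361,1407" into a set of ints."""
    ids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, sep, hi = part.partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"bad ids entry: {part!r}")
        first = int(lo)
        last = int(hi) if sep else first
        if last < first:
            raise ValueError(f"descending range: {part!r}")
        ids.update(range(first, last + 1))
    return ids


def parse_batch_return(xml_bytes):
    """Return the response DATETIME and a list of (TEXT, {IDs}) per BATCH.

    xml.etree does not fetch the DTD named in the DOCTYPE, so parsing
    makes no outbound request.
    """
    root = ET.fromstring(xml_bytes)
    if root.tag != "BATCH_RETURN":
        raise ValueError(f"unexpected root element {root.tag!r}")
    batches = []
    for batch in root.iterfind("./RESPONSE/BATCH_LIST/BATCH"):
        text = (batch.findtext("TEXT") or "").strip()
        ids = {int(e.text) for e in batch.iterfind("./ID_SET/ID")}
        batches.append((text, ids))
    return {"datetime": root.findtext("./RESPONSE/DATETIME"),
            "batches": batches}


def unconfirmed_ids(requested_spec, xml_bytes, expected_text):
    """IDs that were requested but not reported under expected_text."""
    confirmed = set()
    for text, ids in parse_batch_return(xml_bytes)["batches"]:
        if text == expected_text:
            confirmed |= ids
    return expand_ids(requested_spec) - confirmed


if __name__ == "__main__":
    missing = unconfirmed_ids("5146728,5146726", SAMPLE_RESPONSE,
                              "Successfully Deleted")
    print("unconfirmed:", sorted(missing))
```
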




Nginx Record
/api/2.0/fo/auth/nginx/
[POST]

Create, update, list and delete Nginx authentication records. Compliance scans are
supported (using PC and SCA). User permissions for this API are the same as other
authentication record APIs.


Requirement - You must configure authentication credentials on target hosts. 


Input Parameters

Parameter Description

action={action} (Required) Specify create, update, delete (using POST) or
list (using GET or POST).

ids={value} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.

title={value} (Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii).

ips={value} (Required to create record) Enter a combination of IPs and
IP ranges to identify compliance hosts. Multiple entries are
comma separated.

add_ips={value} (Optional and valid only to update record) Add IPs to the IP
list for an existing record. You may enter a combination of
IPs and IP ranges. Multiple entries are comma separated.

remove_ips={value} (Optional and valid only to update record) IPs to be
removed from your record. You may enter a combination of
IPs and ranges. Multiple entries are comma separated.

unix_bin_path={value} (Optional) Absolute path of the Nginx binary file location.

unix_conf_path={value} (Optional) The path to the Nginx configuration file on your
Unix hosts.

unix_prefix_path (Optional) The path to the Nginx configuration file on your
Unix hosts.


Sample: Create Nginx Record

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=create&ips=1.2.3.4&title=API Nginx&unix_bin_path=/usr/local/nginx/sbin/nginx&unix_conf_path=/usr/local/nginx/conf/nginx.conf&unix_prefix_path=/usr/local/nginx" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/nginx/"

Response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-08-13T11:36:30Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>1157719</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample: Update Nginx Record

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=update&ids=229028&ips=10.10.10.10&title=Test Nginx&unix_bin_path=/usr/local/nginx/sbin/nginx&unix_conf_path=/usr/local/nginx/conf/nginx.conf&unix_prefix_path=/usr/local/nginx" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/nginx"

Response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-08-03T03:15:35Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>229028</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample: List the Nginx Records

You'll see Nginx record IDs in the output when you have Nginx records in your account.

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=list" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/nginx"

Response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_RECORDS_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/nginx/auth_nginx_list_output.dtd">
<AUTH_NGINX_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2021-08-02T13:57:09Z</DATETIME>
    <AUTH_NGINX_LIST>
      <AUTH_NGINX>
        <ID>228028</ID>
        <TITLE>
          <![CDATA[Nginx second]]>
        </TITLE>
        <IP_SET>
          <IP>10.11.12.13</IP>
        </IP_SET>
        <UNIX_BIN_PATH>
          <![CDATA[/usr/local/nginx/sbin/nginx]]>
        </UNIX_BIN_PATH>
        <UNIX_CONF_PATH>
          <![CDATA[/usr/local/nginx/conf/nginx.conf]]>
        </UNIX_CONF_PATH>
        <UNIX_PREFIX_PATH>
          <![CDATA[/usr/local/nginx]]>
        </UNIX_PREFIX_PATH>
        <NETWORK_ID>0</NETWORK_ID>
        <CREATED>
          <DATETIME>2021-07-29T06:15:12Z</DATETIME>
          <BY>joe_user</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2021-07-29T07:20:17Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_NGINX>
    </AUTH_NGINX_LIST>
    <GLOSSARY>
      <USER_LIST>
        <USER>
          <USER_LOGIN>joe_user</USER_LOGIN>
          <FIRST_NAME>Joe</FIRST_NAME>
          <LAST_NAME>User</LAST_NAME>
        </USER>
      </USER_LIST>
    </GLOSSARY>
  </RESPONSE>
</AUTH_NGINX_LIST_OUTPUT>

Sample: Delete Nginx Records

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  -d "action=delete&ids=5146728,5146726" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/nginx/"

Response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-08-27T11:38:07Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID>5146726</ID>
          <ID>5146728</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

DTDs for auth type “nginx”

<platform API server>/api/2.0/batch_return.dtd
<platform API server>/api/2.0/fo/auth/neo4j/auth_nginx_list_output.dtd
Oracle Record
/api/2.0/fo/auth/oracle/
[POST]


Create, update, list and delete Oracle records and Oracle system record templates for 
authenticated scans of Oracle instances. Vulnerability and compliance scans are 
supported (using VM, PC). 


How it works - During scanning we'll authenticate to one or more instances on a single 
host using all Oracle records in your account. For compliance scans, you can scan multiple 
Oracle instances on a single host and port combination. Looking for more help? Search for 
“Oracle Use Cases” in Qualys online help. 


System created authentication records supported - You can allow the system to create 
Oracle authentication records for auto discovered instances and scan them. This is 
supported for Unix installations only. To enable this feature, you must first create Oracle 
System Record Templates using the is_template input parameter and specifying login 
credentials. See System created Oracle records. 


Requirement - You must configure login credentials on target hosts before scanning. 
Download Qualys User Guide - Oracle Authentication for VM Scans (.zip) 


Download Qualys User Guide - Oracle Authentication for Compliance Scans (.zip) 


Input Parameters 


Parameter Description

action={action} (Required) Specify create, update, delete (using POST) or
list (using GET or POST).

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ids={value} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.

title={value} (Required to create record, optional to update record) A
title for the record. The title must be unique. Maximum 255
characters (ascii).

comments={value} (Optional to create or update record) User defined
comments. Maximum of 1999 characters.

is_template={0|1} (Optional for create request, not valid for update request)
By default, a new record is a regular Oracle record. Specify
1 to create an Oracle system record template. You must
also specify login credentials, which are described below.
See System created Oracle records.

status={0|1} (Optional) The record status, active or inactive. By default,
a new record is set to active (1). Set to 0 for inactive record
or 1 for active record. (This parameter applies to system
created and user created Oracle records. It cannot be
specified for Oracle system record templates.)

save_as_user_auth={0|1} (Optional for update request, not valid for create request)
Specify 1 to update a system created record and save it as a
user created record. If another Oracle record already exists
with the same IP address and target configuration then an
error will be returned. (This parameter applies only to
system created Oracle records. It cannot be specified for
user created Oracle records and it cannot be specified for
Oracle system record templates.)

Login credentials

login_type={basic|vault} (Optional) The login type is basic by default. You can
choose vault (for vault based authentication).

username={value} (Required to create record, optional to update record) The
user account to be used for authentication to the Oracle
database. The username may include 1-31 characters
(ascii).

password={value} (Required to create record, optional to update record) The
password corresponding to the user account defined in the
record for authentication. Maximum 100 characters (ascii).

vault_type={value} (Required if login_type=vault) The third party vault to be
used to retrieve the password for login. Certain vaults
support this capability. See Vault Support matrix

vault_id={value} (Required to create record, optional to update record) The
vault ID from where you want to retrieve the password.
Certain vaults support this capability.

{vault parameters} (Required to create record when login_type=vault)
Vault specific parameters required depend on the vault
type you've selected. See Vault Definition

sid={value} (Optional to create or update record) The Oracle System ID
(SID) that identifies the database instance to be
authenticated to. To create a record sid or servicename is
required.

The parameters sid and servicename cannot be specified in
the same request.

servicename={value} (Optional to create or update record) The Oracle service
name that identifies the database instance to be
authenticated to. A maximum of 30 characters may be
specified.

The parameters sid and servicename cannot be specified in
the same request.

port={value} (Optional to create record) The port number that the
Oracle database instance is running on. When not
specified, the “All Ports” option is used and the scanning
engine will authenticate to the database instance on each
port that the Oracle service is detected on. Ports used for
Oracle authentication

These parameters are mutually exclusive: instance and
auto_discover_instances=1.

is_cdb={0|1} (Optional) Indicates whether the database is a Container
Database (CDB). Specify 1 if the database is a CDB or 0 (the
default) if the database is not a CDB. When not specified,
we'll use is_cdb=0. This setting is applied to compliance
scans only.

Identifying the Oracle database as CDB ensures the right
compliance checks are performed for multitenant
technologies. Also, when the database is a CDB, we
auto-discover all Pluggable Databases (PDBs) within the
container environment, and scan them for compliance.
This saves you from having to create separate, additional
Oracle records for each PDB instance.

pc_only={0|1} (Optional to create record, valid when the compliance
module is enabled) Specify 1 to perform compliance scans
on multiple instances running on host and port
combinations in this record. This parameter must be
specified if this Oracle record has some host and port
combination, which is already defined in another record.
Note, however, when pc_only=1 is specified, the record will
be used for compliance scans only. When not specified, the
record will be used for vulnerability scans and compliance
scans.

Target Hosts

ips={value} (Required to create record) The IP address(es) the server
will log into using the record’s credentials. Multiple entries
are comma separated.

(Optional to update record) IPs specified will overwrite
existing IPs in the record, and existing IPs will be removed.

This parameter and the add_ips parameter or the
remove_ips parameter cannot be specified in the same
request.

add_ips={value} (Optional to update record) Add IPs and/or ranges to the IPs
list for this record. Multiple IPs/ranges are comma
separated.

This parameter and the ips parameter cannot be specified
in the same request.

remove_ips={value} (Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified
in the same request.

network_id={value} (Optional and valid when the networks feature is enabled)
The network ID for the record.

OS Parameters Windows

OS Parameters are used for compliance scans only.

perform_windows_os_checks={0|1} (Optional) Specify 1 to perform OS-dependent compliance
checks for the Oracle technology during Windows
authenticated compliance scans. These checks are
assigned to the control category “Database Settings” in the
sub-category “DB OS-dependent Controls”.

win_ora_home_name={value} (Required if perform_windows_os_checks=1 is specified;
otherwise invalid)
The Windows Oracle Home name. Example: OraHome1l

win_ora_home_path={value} (Required if perform_windows_os_checks=1 is specified;
otherwise invalid)
The Windows Oracle Home path.
Example: c:\Program Files\Oracle\10

win_init_ora_path={value} (Required if perform_windows_os_checks=1 is specified;
otherwise invalid)
The pathname to the Windows init(SID).ora file.
Example: c:\Program Files\oracle\dbs\initORA10.ora

win_spfile_ora_path={value} (Required if perform_windows_os_checks=1 is specified;
otherwise invalid)
The pathname to the Windows spfile(SID).ora file.
Example: c:\Program Files\oracle\network\admin\spfileORA10.ora

win_listener_ora_path={value} (Required if perform_windows_os_checks=1 is specified;
otherwise invalid)
The pathname to the Windows listener.ora file.
Example: c:\Program Files\oracle\network\admin\listener.ora

win_sqlnet_ora_path={value} (Required if perform_windows_os_checks=1 is specified;
otherwise invalid)
The pathname to the Windows sqlnet.ora file.
Example: c:\Program Files\oracle\network\admin\sqlnet.ora

win_tnsnames_ora_path={value} (Required if perform_windows_os_checks=1 is specified;
otherwise invalid)
The pathname to the Windows tnsnames.ora file.
Example: c:\Program Files\oracle\network\admin\tnsnames.ora

OS Parameters Unix 


OS Parameters are used for compliance scans only. 

perform_unix_os_checks={0|1} (Optional) Specify 1 to perform OS-dependent compliance
checks for the Oracle technology during Unix
authenticated compliance scans. These checks are
assigned to the control category “Database Settings” in the
sub-category “DB OS-dependent Controls”.

perform_unix_opatch_checks={0|1} (Optional) Specify 1 to perform OPatch checks using the
OPatch binary to return a list of all installed patches for the
Oracle instance.

In a case where perform_unix_os_checks=1 is specified and
perform_unix_opatch_checks=0 is specified (or this
parameter is not specified), the service checks for patch
information from the Oracle database directly; information
in the database may not be accurate so the list of installed
patches returned by the service also may not be accurate.

unix_ora_home_path={value} (Required if perform_unix_os_checks=1 and/or
perform_unix_opatch_checks=1 is specified; otherwise
invalid)
The Unix Oracle Home path. Example: /usr/opt/oracle/10

unix_init_ora_path={value} (Required if perform_unix_os_checks=1 and/or
perform_unix_opatch_checks=1 is specified; otherwise
invalid)
The pathname to the Unix init(SID).ora file.
Example: /usr/opt/oracle/dbs/initORA10.ora

unix_spfile_ora_path={value} (Required if perform_unix_os_checks=1 and/or
perform_unix_opatch_checks=1 is specified; otherwise
invalid)
The pathname to the Unix spfile(SID).ora file.
Example: /usr/opt/oracle/network/admin/spfileORA10.ora

unix_listener_ora_path={value} (Required if perform_unix_os_checks=1 and/or
perform_unix_opatch_checks=1 is specified; otherwise
invalid)
The pathname to the Unix listener.ora file.
Example: /usr/opt/oracle/network/admin/listener.ora

unix_sqlnet_ora_path={value} (Required if perform_unix_os_checks=1 and/or
perform_unix_opatch_checks=1 is specified; otherwise
invalid)
The pathname to the Unix sqlnet.ora file.
Example: /usr/opt/oracle/network/admin/sqlnet.ora

unix_tnsnames_ora_path={value} (Required if perform_unix_os_checks=1 and/or
perform_unix_opatch_checks=1 is specified; otherwise
invalid)
The pathname to the Unix tnsnames.ora file.
Example: /usr/opt/oracle/network/admin/tnsnames.ora

unix_invptrloc={value} (Optional if perform_unix_opatch_checks=1 is specified;
otherwise invalid)
The pathname to the Unix oraInst.loc file. Use this
parameter to identify a custom inventory for patches.
Example: /usr/opt/oracle/network/admin/oraInst.loc
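
The Oracle parameters above carry several cross-field rules (mutually exclusive parameters, fields that are required or invalid depending on a flag, length limits). The following pre-flight check is an added example, not Qualys code: it applies those documented rules to a request dictionary before it is sent. Function and constant names are hypothetical, and skipping the ips and sid/servicename requirement for is_template=1 is an assumption based on the template sample in this guide.

```python
WIN_FIELDS = ("win_ora_home_name", "win_ora_home_path", "win_init_ora_path",
              "win_spfile_ora_path", "win_listener_ora_path",
              "win_sqlnet_ora_path", "win_tnsnames_ora_path")
UNIX_FIELDS = ("unix_ora_home_path", "unix_init_ora_path",
               "unix_spfile_ora_path", "unix_listener_ora_path",
               "unix_sqlnet_ora_path", "unix_tnsnames_ora_path")
# Maximum lengths stated in the parameter table.
MAX_LEN = {"title": 255, "comments": 1999, "password": 100,
           "username": 31, "servicename": 30}


def _on(p, name):
    return p.get(name) == "1"


def _conditional(p, fields, enabled, condition):
    """Fields are required when the flag is set and invalid otherwise."""
    if enabled:
        return [f"{k} is required when {condition}" for k in fields if not p.get(k)]
    return [f"{k} is invalid unless {condition}" for k in fields if k in p]


def validate_oracle_request(p):
    """Return a list of rule violations for a create or update request."""
    action = p.get("action")
    if action not in ("create", "update"):
        return ["only action=create and action=update are checked here"]
    errs = [f"{k} longer than {n} characters"
            for k, n in MAX_LEN.items() if len(p.get(k, "")) > n]
    template = _on(p, "is_template")
    vault = p.get("login_type", "basic") == "vault"

    if "sid" in p and "servicename" in p:
        errs.append("sid and servicename cannot be specified in the same request")
    if "ips" in p and ("add_ips" in p or "remove_ips" in p):
        errs.append("ips cannot be combined with add_ips or remove_ips")

    if action == "create":
        needed = ["title", "username"]
        needed += ["vault_type", "vault_id"] if vault else ["password"]
        if not template:  # assumption: templates carry credentials only
            needed.append("ips")
            if "sid" not in p and "servicename" not in p:
                errs.append("sid or servicename is required to create a record")
        errs += [f"{k} is required to create a record"
                 for k in needed if not p.get(k)]
        errs += [f"{k} is valid only for update requests"
                 for k in ("add_ips", "remove_ips", "save_as_user_auth") if k in p]
    else:
        if not p.get("ids"):
            errs.append("ids is required to update a record")
        if "is_template" in p:
            errs.append("is_template is not valid for update requests")
    if template and "status" in p:
        errs.append("status cannot be specified for system record templates")

    errs += _conditional(p, WIN_FIELDS, _on(p, "perform_windows_os_checks"),
                         "perform_windows_os_checks=1")
    unix = _on(p, "perform_unix_os_checks") or _on(p, "perform_unix_opatch_checks")
    errs += _conditional(p, UNIX_FIELDS, unix,
                         "perform_unix_os_checks=1 and/or perform_unix_opatch_checks=1")
    if "unix_invptrloc" in p and not _on(p, "perform_unix_opatch_checks"):
        errs.append("unix_invptrloc is invalid unless perform_unix_opatch_checks=1")
    return errs


if __name__ == "__main__":
    # Constructed request with conflicting parameters.
    for problem in validate_oracle_request({
            "action": "create", "title": "t", "username": "u", "password": "p",
            "ips": "10.0.0.1", "sid": "ORCL", "servicename": "orcl.example"}):
        print(problem)
```
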


Ports used for Oracle authentication 


The “All Ports” option is used when the port parameter is not specified (the default). You 
may only create one Oracle record with this setting for each host. When All Ports is 
defined the scanning engine uses the credentials in the record to attempt authentication 
to the database instance (SID or service name) when a port-specific record does not exist. 
The scanning engine will authenticate to the database instance on each port the Oracle 
service is detected on. 


A single port is used when the port parameter is specified (e.g. port=1521). The same port
number cannot be entered in multiple Oracle records for the same host, unless the
compliance module is enabled and pc_only=1 is specified.


How it works - When the scanning engine detects an Oracle instance on a host, it first 
checks to see if you have an authentication record with the database instance and port 
specified. If you have a port-specific record, then it uses the credentials in that record to 
attempt authentication to the database instance. If a port-specific record does not exist 
(or if authentication fails), then the scanning engine checks to see if you have an 
authentication record set to “All Ports” for the host and uses the credentials in that record 
to attempt authentication to the database instance. 
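
The lookup order and the per-host port rules described above can be modelled in a few lines. This is an added example, not Qualys code: it is a simplified model of the documented behaviour for auditing a set of records, with a hypothetical OracleRecord type, constructed sample records, and the assumption that an All Ports record is matched on host only.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class OracleRecord:
    title: str
    ips: frozenset               # hosts covered by the record
    instance: str                # SID or service name
    port: Optional[int] = None   # None models the "All Ports" option
    pc_only: bool = False


def attempt_order(records, host, instance, port):
    """Records in the order credentials are tried for a detected instance:
    the port-specific record first, then the host's All Ports record."""
    specific = [r for r in records
                if host in r.ips and r.port == port and r.instance == instance]
    fallback = [r for r in records if host in r.ips and r.port is None]
    return specific + fallback


def authenticate(records, host, instance, port, login_ok):
    """Title of the first record whose login succeeds, else None.
    login_ok is a caller-supplied callable standing in for the real login."""
    for rec in attempt_order(records, host, instance, port):
        if login_ok(rec):
            return rec.title
    return None


def find_conflicts(records):
    """Flag record sets that break the documented per-host rules."""
    groups = defaultdict(list)
    for rec in records:
        for ip in rec.ips:
            groups[(ip, rec.port)].append(rec)
    problems = []
    for (ip, port), recs in sorted(groups.items(),
                                   key=lambda kv: (kv[0][0], kv[0][1] or 0)):
        titles = ", ".join(r.title for r in recs)
        if port is None and len(recs) > 1:
            problems.append(f"{ip}: more than one All Ports record ({titles})")
        elif port is not None and sum(not r.pc_only for r in recs) > 1:
            problems.append(
                f"{ip} port {port}: {titles} share a port without pc_only=1")
    return problems


# Constructed sample records.
PROD = OracleRecord("prod-1521", frozenset({"10.0.0.5"}), "ORCL", 1521)
FALLBACK = OracleRecord("fallback", frozenset({"10.0.0.5", "10.0.0.6"}), "ORCL")
PC_ONLY = OracleRecord("pc-1521", frozenset({"10.0.0.5"}), "ORCL3", 1521, True)
DUP = OracleRecord("dup-1521", frozenset({"10.0.0.5"}), "ORCL2", 1521)

if __name__ == "__main__":
    order = attempt_order([PROD, FALLBACK], "10.0.0.5", "ORCL", 1521)
    print([r.title for r in order])
    print(find_conflicts([PROD, FALLBACK, DUP]))
```
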


System created Oracle records 


When we auto discover Oracle instances, we'll discover the target configuration for each
instance but not the login credentials. We've introduced a new configuration called
“Oracle System Record Template” that you'll use to provide Oracle login credentials for
system created records. You'll create the system record template and then select it in the
option profile used for discovery scans. The template is linked automatically to the system
created records created as a result of the scan.


Benefits 


- We'll auto discover Oracle instances on each scanned host and create authentication
records for those instances. We support auto discovery and system record creation for
Oracle instances running on Unix platforms. Make sure you have Unix authentication
records in your account for hosts running Oracle.


- When we create Oracle authentication records for discovered instances, we’ll insert the
credentials from the Oracle system record template you selected in the option profile.


- You can easily rotate Oracle passwords. Simply edit the credentials in the Oracle system
record template and all Oracle records linked to the template will be updated to use the
new credentials with no additional scan or action by you.


- You can edit individual Oracle system created records and save them as user created. 
This allows you to change the credentials for individual records without changing the 
credentials for all records associated with a template. 


How it works 


Here’s the basic flow for Oracle instance discovery and auto record creation. Note - We 
support auto discovery and system record creation for Oracle instances running on Unix 
platforms. Make sure you have Unix authentication records in your account for hosts 
running Oracle. 


1) Create an Oracle system record template and enter the login credentials you want to
use for system created records.

2) Select the Oracle system record template in the compliance option profile you want to
use for discovery scans.

3) Launch your discovery scan. Your scan results will list the auto discovered instances.

4) List your Oracle authentication records. For each system created record, you'll see the
template associated with the record.


Sample create Oracle system record template

This sample creates an Oracle system record template by using is_template=1.

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
  -d "action=create&is_template=1&title=OracleRecordTemplate&username=OracleUser&password=Password" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/oracle/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-04-23T18:43:59Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>2237956</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

DTDs for auth type “oracle”

<platform API server>/api/2.0/batch_return.dtd
<platform API server>/api/2.0/fo/auth/oracle/auth_oracle_list_output.dtd

Oracle Listener Record
/api/2.0/fo/auth/oracle_listener/
[POST]


Create, update, list and delete Oracle Listener records for authenticated scans of Oracle 
Listener databases. Vulnerability scans are supported (using VM). 


Oracle Listener records are used to connect to Oracle TNS Listeners in order to enumerate 
information about databases behind the Oracle Listeners. When authentication is 
successful and databases behind the Listener are discovered, the QID 19225 “Retrieved 
Oracle Database Name” is returned in the scan results. This is an information gathered 
check that lists the names of the databases discovered behind the Listener. This 
information is useful if you want to create Oracle authentication records on those 
databases and need the Oracle System IDs (SIDs). 


Input Parameters 


Parameter Description

action={action} (Required) Specify create, update, delete (using POST) or
list (using GET or POST).

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ids={value} (Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.

title={value} (Required to create record, optional to update record) A
title for the record. The title must be unique. Maximum 255
characters (ascii).

comments={value} (Optional to create or update record) User defined
comments. Maximum of 1999 characters.

password={value} (Required to create record, optional to update record)
Specifies a password for authentication to target hosts. If
more than one Listener is detected on the same host, then
the same password is attempted on each Listener.
Maximum 100 characters (ascii).

Target Hosts

ips={value} (Required to create record) The IP address(es) the server
will log into using the record’s credentials. Multiple entries
are comma separated.

(Optional to update record) IPs specified will overwrite
existing IPs in the record, and existing IPs will be removed.

This parameter and the add_ips parameter or the
remove_ips parameter cannot be specified
in the same request.

add_ips={value} (Optional to update record) Add IPs and/or ranges to the IPs
list for this record. Multiple IPs/ranges are comma
separated.

This parameter and the ips parameter cannot be specified
in the same request.

remove_ips={value} (Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified
in the same request.

network_id={value} (Optional to create or update record, and valid when the
networks feature is enabled) The network ID for the record.


DTDs for auth type “oracle_listener”

<platform API server>/api/2.0/batch_return.dtd
<platform API server>/api/2.0/fo/auth/oracle_listener/auth_oracle_listener_list_output.dtd




Oracle WebLogic Server Record 
/api/2.0/fo/auth/oracle_weblogic/ 
[POST] 


Create, update, list and delete Oracle WebLogic records for authenticated scans of Oracle 
WebLogic Server instances. Vulnerability and compliance scans are supported (using VM, 
PC). 


What you'll need: 


- We support these technologies: Oracle WebLogic Server 11g and Oracle WebLogic Server 
12c 


- Unix authentication is required so you'll need a Unix record for each host running an 
Oracle WebLogic Server 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) 
or list (using GET or POST). 


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in 
the XML output. By default these are not included. 


ids={value} (Required for update request; invalid for create request) 
The IDs of the Oracle WebLogic Server authentication 
records that you want to update. Multiple IDs are 
comma separated. 


title={value} (Required to create record) A title for the record. The 
title must be unique. Maximum 255 characters (ascii). 


comments={value} (Optional to create or update record) User defined 
comments. Maximum of 1999 characters. 


installation_path={value} (Required to create record, optional to update record) 
The directory where the Oracle WebLogic Server is 
installed (i.e. Home directory). 

Example: /u01/app/oracle/middleware 


auto_discover={0|1} (Optional) For a create request, we default to 
auto_discover=1, which means we will use auto 
discovery to find all domains for you. Specify 
auto_discover=0 and we will not auto discover 
domains. For an update request, we will keep the 
record’s settings as is unless you overwrite them. 


auto_discover=0 must be specified with the domain 
parameter in the same request. 


domain={value} (Optional) A single Oracle WebLogic Server domain 
name. 
Example: website 


The domain parameter must be specified with 
auto_discover=0 in the same request. 


Target Hosts 


ips={value} (Required to create record) The IP address(es) the server 
will log into using the record’s credentials. Multiple 
entries are comma separated. 


(Optional to update record) IPs specified will overwrite 
existing IPs in the record, and existing IPs will be 
removed. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


add_ips={value} (Optional to update record) Add IPs and/or ranges to 
the IPs list for this record. Multiple IPs/ranges are 
comma separated. 


This parameter and the ips parameter cannot be 
specified in the same request. 


remove_ips={value} (Optional to update record) IPs to be removed from 
your record. You may enter a combination of IPs and 
ranges. Multiple entries are comma separated. 


This parameter and the ips parameter cannot be 
specified in the same request. 


network_id={value} (Optional to create or update record, and valid when 
the networks feature is enabled) The network ID for the 
record. 


Sample - Create WebLogic record, no auto discover 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" 
-d 
"action=create&installation_path=/u01/app/oracle&auto_discover=0&domain=www.qualys.com&ips=10.10.10.23&title=WEB ORA CREATE" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_weblogic/" 


XML output: 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-03-10T13:30:49Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>2707632279</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Create WebLogic record, with auto discover 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" 
-d 
"action=create&installation_path=/u01/app/oracle&auto_discover=1&ips=10.10.10.23&title=ABC ORA" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_weblogic/" 


XML output: 


<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-03-10T13:42:46Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>2707642279</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


DTDs for auth type “oracle_weblogic” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/oracle_weblogic/ 
auth_oracle_weblogic_list_output.dtd 
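

The parameter rules above (auto_discover=0 paired with domain, ips not combined with add_ips or remove_ips, the length limits, ids only on update) can be checked before a request is sent. The following is an added example, not code from Qualys; the function names are hypothetical, and the sample response is the first one in this section with its tag names restored.

```python
"""Pre-flight checks for oracle_weblogic auth record requests (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# First sample response from this section, tag names restored.
SAMPLE_RESPONSE = """<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-03-10T13:30:49Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>2707632279</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>"""


def validate_weblogic_params(params):
    """Return a list of violations of the rules stated in the parameter table."""
    action = params.get("action")
    if action not in ("create", "update", "delete", "list"):
        return ["action must be create, update, delete or list"]

    errors = []
    if action == "create":
        for required in ("title", "installation_path", "ips"):
            if not params.get(required):
                errors.append(f"{required} is required to create a record")
        if "ids" in params:
            errors.append("ids is invalid for a create request")
    if action == "update" and not params.get("ids"):
        errors.append("ids is required for an update request")

    title = params.get("title", "")
    if len(title) > 255 or not title.isascii():
        errors.append("title: maximum 255 ASCII characters")
    if len(params.get("comments", "")) > 1999:
        errors.append("comments: maximum 1999 characters")

    # auto_discover=0 and domain must appear together in the same request.
    no_discover = str(params.get("auto_discover", "")) == "0"
    has_domain = bool(params.get("domain"))
    if no_discover != has_domain:
        errors.append("auto_discover=0 and domain must be specified together")

    # ips overwrites the whole list, so it excludes the add/remove parameters.
    if "ips" in params and ("add_ips" in params or "remove_ips" in params):
        errors.append("ips cannot be combined with add_ips or remove_ips")
    return errors


def build_request_body(params):
    """Validate, then return a percent-encoded form body for the POST."""
    errors = validate_weblogic_params(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode(params)


def parse_batch_return(xml_text):
    """Return [(status text, [record ids])] from a BATCH_RETURN document."""
    root = ET.fromstring(xml_text)
    results = []
    for batch in root.iter("BATCH"):
        ids = [int(e.text) for e in batch.iter("ID")]
        results.append((batch.findtext("TEXT"), ids))
    return results


if __name__ == "__main__":
    request = {
        "action": "create",
        "title": "WEB ORA CREATE",
        "installation_path": "/u01/app/oracle",
        "auto_discover": "0",
        "domain": "www.qualys.com",
        "ips": "10.10.10.23",
    }
    print(build_request_body(request))
    print(parse_batch_return(SAMPLE_RESPONSE))
```
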


Palo Alto Firewall Record 
/api/2.0/fo/auth/palo_alto_firewall/ 
[POST] 


Create, update, list and delete Palo Alto Firewall records for authenticated scans of Palo 
Alto Firewall instances. Vulnerability and compliance scans are supported (using VM, PC). 


Requirements: 


- The user account you provide for authentication must either have the predefined role 
“Superuser (read-only)” or a custom role with these XML API privileges enabled: 
Configuration and Operational Requests. 


- We use the PANOS XML API to retrieve system information from Palo Alto Firewall on 
port 443 so this port must be open. 


Tip - We strongly recommend you create one or more dedicated user accounts to be used 
solely by the Qualys Cloud Platform to authenticate to Palo Alto Firewall instances. 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 


ids={value} (Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} (Required to create record) A title for the record. The title 
must be unique. Maximum 255 characters (ascii). 


comments={value} (Optional to create or update record) User defined 
comments. Maximum of 1999 characters. 


Login credentials 


username={value} (Required to create record, optional to update record) The 
username of the account to be used for authentication. If 
password is specified this is the username of a Palo Alto 
Firewall account. If login_type=vault is specified, this is the 
username of a vault account. Maximum 255 characters 
(ascii). 


password={value} (To create record password or login_type=vault is required) 
The password of the Palo Alto Firewall account to be used 
for authentication. Maximum 100 characters (ascii). 


login_type=vault (To create record password or login_type=vault is required) 
Set to vault if a third party vault will be used to retrieve 
password. Vault parameters need to be provided in the 
record. 


Target Hosts 


ips={value} (Required to create record) The IP address(es) the server 
will log into using the record’s credentials. Multiple entries 
are comma separated. 


(Optional to update record) IPs specified will overwrite 
existing IPs in the record, and existing IPs will be removed. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


add_ips={value} (Optional to update record) Add IPs and/or ranges to the IPs 
list for this record. Multiple IPs/ranges are comma 
separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


remove_ips={value} (Optional to update record) IPs to be removed from your 
record. You may enter a combination of IPs and ranges. 
Multiple entries are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


Sample - Create Palo Alto Firewall record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d 
"action=create&title=palo-4&ips=10.10.10.10&login_type=basic&username=root&password=123123" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/palo_alto_firewall/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-01-14T06:29:41Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>125727</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Create Palo Alto Firewall record, using vault 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d 
"action=create&title=palo-4&ips=10.10.10.11&login_type=vault&username=root&vault_type=CyberArk AIM&vault_id=16034&file=file&folder=folder" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/palo_alto_firewall/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-01-16T06:22:01Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>125726</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - List Palo Alto Firewall records 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d 
"action=list" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/palo_alto_firewall/?action=list&ids=125727" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE AUTH_PALO_ALTO_FIREWALL_LIST_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/auth/palo_alto_firewall/auth_palo_alto_firewall_list_output.dtd"> 
<AUTH_PALO_ALTO_FIREWALL_LIST_OUTPUT> 
  <RESPONSE> 
    <DATETIME>2017-09-13T06:30:32Z</DATETIME> 
    <AUTH_PALO_ALTO_FIREWALL_LIST> 
      <AUTH_PALO_ALTO_FIREWALL> 
        <ID>125727</ID> 
        <TITLE><![CDATA[palo-4]]></TITLE> 
        <USERNAME><![CDATA[root]]></USERNAME> 
        <SSL_VERIFY><![CDATA[1]]></SSL_VERIFY> 
        <IP_SET> 
          <IP>10.10.10.10</IP> 
        </IP_SET> 
        <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE> 
        <CREATED> 
          <DATETIME>2017-09-13T06:29:41Z</DATETIME> 



DTDs for auth type “palo_alto_firewall” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/palo_alto_firewall/ 
auth_palo_alto_firewall_list_output.dtd 


Pivotal Greenplum Record 


/api/2.0/fo/auth/greenplum/ 
[POST] 


List, create, update, and delete Pivotal Greenplum records for authenticated scans of 
Pivotal Greenplum 5.x and 6.x instances running on Unix. Compliance scans are 
supported (using PC). 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) or list 
(using GET or POST). 


details={value} (Optional) Default value is Basic. You can choose from None, 
Basic, and All. 


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 


ids={value} (Required only for update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma separated. 


title={value} (Required to create record) A title for the record. The title must 
be unique. Maximum 255 characters (ascii). 


comments={value} (Optional to create or update record) User defined comments. 
Maximum of 1999 characters. 


Greenplum 


greenplum_unix_conf_file={value} (Required for create request) The full path to the configuration 
file (postgresql.conf) on your Unix assets (IP addresses). The 
file must be in the same location on all assets for this record. 


greenplum_db_name={value} (Required for create request) The database instance you want 
to authenticate to. 


port={value} (Optional) The port where the database instance is running. 
Default is 5432. 


ssl_verify={0|1} (Optional) SSL verification is skipped by default. Set to 1 if you 
want to verify the server’s certificate is valid and trusted. 


hosts={value} (Required if ssl_verify=1) A list of FQDNs for all host IP 
addresses on which a custom SSL certificate signed by a 
trusted root CA is installed. 


Login credentials 


username={value} (Required for create request) The username of the account to 
be used for authentication. If password is specified this is the 
username of a Greenplum account. If login_type=vault is 
specified, this is the username of a vault account. Maximum 
255 characters (ascii). 


password={value} (For create request, password or login_type=vault is required) 
The password of the Greenplum account to be used for 
authentication. Maximum 100 characters (ascii). 


login_type={value} (For create request, password or login_type=vault is required) 
Login type can be basic (default) or vault. Set to vault if a third 
party vault will be used to retrieve the password. Vault 
parameters need to be provided in the record. See Vault 
Definition. 


vault_id={value} (Required if login_type=vault) The ID of the vault to be used to 
retrieve the password for login. 


vault_type={value} (Required if login_type=vault) The third party vault to be used 
to retrieve the password for login. Certain vaults support this 
capability. See Vault Support matrix. 


Keys, Passphrase 


client_key_type={value} (Optional) Client key type basic (default) or vault. 


client_key={value} (Optional if client_key_type=basic) Client key content, if 
private key not in vault. 


client_key_vault_type={value} (Required if client_key_type=vault) The third party vault to be 
used to retrieve the private key. Certain vaults support this 
capability. See Vault Support matrix. 


client_key_vault_id={value} (Required if client_key_type=vault) The ID of the vault to get 
the private key from. 


passphrase_type={value} (Optional) Passphrase type can be basic (default) or vault. 


passphrase={value} (Optional if passphrase_type=basic) The passphrase value. 


client_cert={value} (Optional if passphrase_type=basic) The passphrase certificate 
content. 


passphrase_vault_type={value} (Required if passphrase_type=vault) The vault where the 
private key passphrase is stored. For example: CA Access 
Control, CyberArk AIM, Thycotic Secret Server. 


passphrase_vault_id={value} (Required if passphrase_type=vault) The ID of the vault to get 
the passphrase from. 


Target Hosts 


ips={value} (Required to create record) The IP address(es) the server will 
log into using the record's credentials. Multiple entries are 
comma separated. 


(Optional to update record) IPs specified will overwrite existing 
IPs in the record, and existing IPs will be removed. 


This parameter and the add_ips parameter or the remove_ips 
parameter cannot be specified in the same request. 


add_ips={value} (Optional to update record) Add IPs and/or ranges to the IPs list 
for this record. Multiple IPs/ranges are comma separated. 


This parameter and the ips parameter cannot be specified in 
the same request. 


remove_ips={value} (Optional to update record) IPs to be removed from your 
record. You may enter a combination of IPs and ranges. 
Multiple entries are comma separated. 


This parameter and the ips parameter cannot be specified in 
the same request. 


network_id={value} (Optional to create or update record, and valid only when the 
networks feature is enabled) The network ID for the record. 


Sample: List all record types 


API request: 


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With:curl' -d 
"action=list" "https://qualysapi.qualys.com/api/2.0/fo/auth/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE AUTH_RECORDS_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/auth/auth_records.dtd"> 
<AUTH_RECORDS_OUTPUT> 
  <RESPONSE> 
    <DATETIME>2019-10-04T09:24:19Z</DATETIME> 
    <AUTH_RECORDS> 
      <AUTH_UNIX_IDS> 
        <ID_SET> 
          <ID>1029116</ID> 
          <ID>1296290</ID> 
          <ID_RANGE>1375563-1375564</ID_RANGE> 
          <ID>1505926</ID> 
        </ID_SET> 
      </AUTH_UNIX_IDS> 
      <AUTH_GREENPLUM_IDS> 
        <ID_SET> 
          <ID>1505929</ID> 
        </ID_SET> 
      </AUTH_GREENPLUM_IDS> 
    </AUTH_RECORDS> 
  </RESPONSE> 
</AUTH_RECORDS_OUTPUT> 


Sample - List Greenplum Records with All Details 


API request: 


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d 
"action=list&details=All" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/greenplum/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE AUTH_GREENPLUM_LIST_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/auth/greenplum/auth_greenplum_list_output.dtd"> 
<AUTH_GREENPLUM_LIST_OUTPUT> 
  <RESPONSE> 
    <DATETIME>2020-01-05T11:41:28Z</DATETIME> 
    <AUTH_GREENPLUM_LIST> 
      <AUTH_GREENPLUM> 
        <ID>66186</ID> 
        <TITLE> 
          <![CDATA[greenplum auth]]> 
        </TITLE> 
        <USERNAME> 
          <![CDATA[root]]> 
        </USERNAME> 
        <DATABASE> 
          <![CDATA[postgres]]> 
        </DATABASE> 
        <PORT>5432</PORT> 
        <SSL_VERIFY> 
          <![CDATA[0]]> 
        </SSL_VERIFY> 
        <IP_SET> 
          <IP>10.20.32.111</IP> 
        </IP_SET> 
        <UNIX_CONF_FILE> 
          <![CDATA[/usr/local/greenplum-db/master/gpseg-1/postgresql.conf]]> 
        </UNIX_CONF_FILE> 
        <NETWORK_ID>0</NETWORK_ID> 
        <CREATED> 
          <DATETIME>2019-12-31T10:51:10Z</DATETIME> 
          <BY>qualys_jd</BY> 
        </CREATED> 
        <LAST_MODIFIED> 
          <DATETIME>2019-12-31T10:51:10Z</DATETIME> 
        </LAST_MODIFIED> 
      </AUTH_GREENPLUM> 
      <AUTH_GREENPLUM> 
        <ID>66390</ID> 
        <TITLE> 
          <![CDATA[my greenplum record]]> 
        </TITLE> 
        <USERNAME> 
          <![CDATA[root]]> 
        </USERNAME> 
        <DATABASE> 
          <![CDATA[postgres]]> 
        </DATABASE> 
        <PORT>5432</PORT> 
        <SSL_VERIFY> 
          <![CDATA[0]]> 
        </SSL_VERIFY> 
        <IP_SET> 
          <IP>10.10.10.1</IP> 
        </IP_SET> 
        <UNIX_CONF_FILE> 
          <![CDATA[/var/lib/pgsql/data/postgresql.conf]]> 
        </UNIX_CONF_FILE> 
        <NETWORK_ID>0</NETWORK_ID> 
        <CREATED> 
          <DATETIME>2020-01-05T09:14:54Z</DATETIME> 
          <BY>qualys_jd</BY> 
        </CREATED> 
        <LAST_MODIFIED> 
          <DATETIME>2020-01-05T09:14:54Z</DATETIME> 
        </LAST_MODIFIED> 
      </AUTH_GREENPLUM> 
    </AUTH_GREENPLUM_LIST> 
    <GLOSSARY> 
      <USER_LIST> 
        <USER> 
          <USER_LOGIN>qualys_jd</USER_LOGIN> 
          <FIRST_NAME>John</FIRST_NAME> 
          <LAST_NAME>Doe</LAST_NAME> 
        </USER> 
      </USER_LIST> 
    </GLOSSARY> 
  </RESPONSE> 
</AUTH_GREENPLUM_LIST_OUTPUT> 



Sample - Create Greenplum Record 


API request: 
curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d 
"action=create&title=my greenplum record&ips=10.10.10.1&username=root&password=root&greenplum_db_name=postgres&port=5421&greenplum_unix_conf_path=/tmp/postgresql.conf" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/greenplum/" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2020-01-05T12:04:32Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>66391</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Update Greenplum Record 


API request: 
curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d 
"action=update&ids=66391&title=my greenplum record&comments=new comment" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/greenplum/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2020-01-05T12:09:25Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Updated</TEXT> 
        <ID_SET> 
          <ID>66391</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Delete Greenplum Records 


API request: 
curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d 
"action=delete&ids=66391" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/greenplum/" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2020-01-05T12:10:16Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Deleted</TEXT> 
        <ID_SET> 
          <ID>66391</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


DTDs for auth type “greenplum” 
<platform API server>/api/2.0/fo/auth/auth_records.dtd 


<platform API server>/api/2.0/fo/auth/greenplum/auth_greenplum_list_output.dtd 


PostgreSQL Record 


Create, update, list and delete PostgreSQL records for authenticated scans of PostgreSQL 
9.x, PostgreSQL 10.x, PostgreSQL 11.x and PostgreSQL 12.x instances running on Windows 
or Unix. Compliance scans are supported (using PC). 


Requirement - You must configure login credentials on target hosts before scanning. 


Qualys User Guide - PostgreSQL Authentication (.zip) 


Tip - We strongly recommend you create one or more dedicated user accounts to be used 
solely by the Qualys Cloud Platform to authenticate to PostgreSQL database instances. 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 


ids={value} (Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} (Required to create record) A title for the record. The title 
must be unique. Maximum 255 characters (ascii). 


comments={value} (Optional to create or update record) User defined 
comments. Maximum of 1999 characters. 


PostgreSQL 


pgsql_win_conf_path={value} (Optional) The full path to the PostgreSQL configuration 
file on your Windows assets (IP addresses). The file must be 
in the same location on all assets for this record. 


pgsql_unix_conf_file={value} (Optional) The full path to the PostgreSQL configuration 
file on your Unix assets (IP addresses). The file must be in 
the same location on all assets for this record. 


pgsql_db_name={value} (Required for create request) The database instance you 
want to authenticate to. 


port={value} (Optional) The port where the database instance is 
running. Default is 5432. 


hosts={value} (Required if ssl_verify=1) A list of FQDNs for all host IP 
addresses on which a custom SSL certificate signed by a 
trusted root CA is installed. 


ssl_verify={0|1} (Optional) SSL verification is skipped by default. Set to 1 if 
you want to verify the server's certificate is valid and 
trusted. 


Login credentials 


username={value} (Required for create request) The username of the account 
to be used for authentication. If password is specified this 
is the username of a PostgreSQL account. If 
login_type=vault is specified, this is the username of a 
vault account. Maximum 255 characters (ascii). 


password={value} (For create request, password or login_type=vault is 
required) The password of the PostgreSQL account to be used for 
authentication. Maximum 100 characters (ascii). 


login_type=vault (To create record password or login_type=vault is required) 
Set to vault if a third party vault will be used to retrieve 
password. Vault parameters need to be provided in the 
record. See Vault Definition. 


Keys, Passphrase 


client_key_type={value} (Optional) Client key type basic (default) or vault. 


client_key={value} (Optional if client_key_type=basic) Client key content, if 
private key not in vault. 


client_key_vault_type={value} (Required if client_key_type=vault) The third party vault to 
be used to retrieve the private key. Certain vaults support 
this capability. See Vault Support matrix. 


client_key_vault_id={value} (Required if client_key_type=vault) The ID of the vault to 
get the private key from. 


Vault parameters: client_key_folder={value} and 
client_key_file={value} are required vault settings. 


passphrase_type={value} (Optional) Passphrase type can be basic (default) or vault. 


passphrase={value} (Optional if passphrase_type=basic) The passphrase value. 


client_cert={value} (Optional if passphrase_type=basic) The passphrase 
certificate content. 


passphrase_vault_type={value} (Required if passphrase_type=vault) The vault where the 
private key passphrase is stored. For example CA Access 
Control, CyberArk AIM, Thycotic Secret Server. 


passphrase_vault_id={value} (Required if passphrase_type=vault) The ID of the vault to 
get the passphrase from. 


Target Hosts 


ips={value} (Required to create record) The IP address(es) the server 
will log into using the record’s credentials. Multiple entries 
are comma separated. 


(Optional to update record) IPs specified will overwrite 
existing IPs in the record, and existing IPs will be removed. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


add_ips={value} (Optional to update record) Add IPs and/or ranges to the IPs 
list for this record. Multiple IPs/ranges are comma 
separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


remove_ips={value} (Optional to update record) IPs to be removed from your 
record. You may enter a combination of IPs and ranges. 
Multiple entries are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


network_id={value} (Optional to create or update record, and valid when the 
networks feature is enabled) The network ID for the record. 


Sample - Create PostgreSQL Record on Unix 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d 
"action=create&title=API POSTGRE 2&username=root&password=abcl123&pgsql_db_name=presql&ips=10.10.10.35&pgsql_unix_conf_path=/etc&network_id=4002" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/postgresql/" > 
file.xml 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-03-27T20:17:42Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>84307</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Create PostgreSQL Record on Windows 


API request: 


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d 
"action=create&title=api-windows-postgres&pgsql_win_conf_path=C:\Program 
Files\PostgreSQL\11\data\postgresql.conf&pgsql_db_name=postgres&username= 
qualys_scan&password=password&ips=10.10.10.35" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/postgresql" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2020-01-28T10:55:39Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>72178</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Update PostgreSQL Record on Unix 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d 
"action=update&ids=84307&add_ips=10.10.10.40-10.10.10.42" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/postgresql/" > file.xml 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-04-10T21:01:57Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Updated</TEXT> 
        <ID_SET> 
          <ID>78782</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Update PostgreSQL Record on Windows 


API request: 


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d 
"action=update&ids=72178&pgsql_win_conf_path=C:\Program 
Files\PostgreSQL\11\data\postgresql11.conf" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/postgresql" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2020-01-28T11:06:36Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Updated</TEXT> 
        <ID_SET> 
          <ID>72178</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 

Sample - List PostgreSQL Records 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d 
"action=list&details=All" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/postgresql/" > 
file.xml 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE AUTH_POSTGRESQL_LIST_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/auth/postgresql/auth_postgresql_list_output.dtd"> 
<AUTH_POSTGRESQL_LIST_OUTPUT> 
  <RESPONSE> 
    <DATETIME>2018-04-24T22:01:50Z</DATETIME> 
    <AUTH_POSTGRESQL_LIST> 
      <AUTH_POSTGRESQL> 
        <ID>79518</ID> 
        <TITLE><![CDATA[PostgesSQL1]]></TITLE> 
        <USERNAME><![CDATA[acme_as1]]></USERNAME> 
        <DATABASE><![CDATA[mydb1]]></DATABASE> 
        <PORT>5432</PORT> 
        <SSL_VERIFY><![CDATA[0]]></SSL_VERIFY> 
        <IP_SET> 
          <IP>10.10.10.45</IP> 
        </IP_SET> 
        <WIN_CONF_FILE><![CDATA[C:\Program Files\pgsql\data\postgresql.conf]]></WIN_CONF_FILE> 
        <UNIX_CONF_FILE><![CDATA[/var/lib/pgsql/9.3/data/postgresql.conf]]></UNIX_CONF_FILE> 
        <NETWORK_ID>0</NETWORK_ID> 
        <CREATED> 
          <DATETIME>2018-04-13T23:42:50Z</DATETIME> 
          <BY>acme_as1</BY> 
        </CREATED> 
        <LAST_MODIFIED> 
          <DATETIME>2018-04-20T23:35:42Z</DATETIME> 
        </LAST_MODIFIED> 
        <COMMENTS><![CDATA[my comments]]></COMMENTS> 
      </AUTH_POSTGRESQL> 
      <AUTH_POSTGRESQL> 
        <ID>82110</ID> 
        <TITLE><![CDATA[POstgreSQL2]]></TITLE> 
        <USERNAME><![CDATA[acme_as1]]></USERNAME> 
        <DATABASE><![CDATA[mydb2]]></DATABASE> 
        <PORT>5432</PORT> 
        <SSL_VERIFY><![CDATA[1]]></SSL_VERIFY> 
        <HOSTS> 
          <HOST><![CDATA[cent-31-107.m12k8.qualys.com]]></HOST> 
        </HOSTS> 
        <IP_SET> 
          <IP>10.20.31.107</IP> 
        </IP_SET> 
        <WIN_CONF_FILE><![CDATA[C:\Program Files\pgsql\data\postgresql.conf]]></WIN_CONF_FILE> 
        <UNIX_CONF_FILE><![CDATA[/var/lib/pgsql/9.3/data/postgresql.conf]]></UNIX_CONF_FILE> 
        <NETWORK_ID>0</NETWORK_ID> 
        <CREATED> 
          <DATETIME>2018-04-20T20:12:48Z</DATETIME> 
          <BY>acme_as1</BY> 
        </CREATED> 
      </AUTH_POSTGRESQL> 
    </AUTH_POSTGRESQL_LIST> 
  </RESPONSE> 
</AUTH_POSTGRESQL_LIST_OUTPUT> 


DTDs for auth type “postgresql” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/postgresql/auth_postgresql_list_output.dtd 
SAP Hana authentication is supported for compliance scans (using PC or SCA). The SAP
Hana API (api/2.0/fo/auth/sap_hana/) lets you list, create, update and delete SAP Hana
authentication records. User permissions for this API are the same as other authentication
record APIs.


Input Parameters

Use these parameters to create or update SAP Hana authentication records.

Parameter    Description

action={action}
(Required) Specify create, update, delete (using POST) or list
(using GET or POST).

echo_request={0|1}
(Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ids={value}
(Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma separated.

title={value}
(Required to create record) A title for the record. The title must
be unique. Maximum 255 characters (ascii).

comments={value}
(Optional to create or update record) User defined comments.
Maximum of 1999 characters.

SAP Hana

database={value}
(Required for create request) The name of the database you
want to authenticate to.

port={value}
(Required for create request) The port the database is on.

unix_conf_path={value}
(Required for create request when this record will be used for
scanning Unix hosts) The SAP Hana configuration path on
Unix hosts (up to 255 multi-byte characters).

ssl_verify={0|1}
(Optional to create or update record) SSL verification is skipped
by default. Set to 1 if you want to verify the server's certificate
is valid and trusted.

hosts={value}
(Required if ssl_verify=1) A list of FQDNs for all host IP
addresses on which a custom SSL certificate signed by a
trusted root CA is installed. Multiple hosts are comma
separated.

Login credentials

username={value}
(Required for create request) The username of the account to
be used for authentication. If password is specified this is the
username of a SAP Hana account. If login_type=vault is
specified, this is the username of a vault account. Maximum
255 characters (ascii).

password={value}
(For create request, password or login_type=vault is required)
The password of the SAP Hana account to be used for
authentication. Maximum 100 characters (ascii).

password_encryption={0|1}
(Optional to create or update record) Enable this option when
your database instance requires an encrypted password for
successful login. If password encryption is required and you do
not enable this option then authentication will fail. When set
to 1, password encryption is enabled in the record. When set to
0 (the default), password encryption is not enabled.

login_type={value}
(For create request, password or login_type=vault is required)
Login type can be basic (default) or vault. Set to vault if a third
party vault will be used to retrieve the password. Vault
parameters need to be provided in the record. See Vault
Definition.

vault_id={value}
(Required if login_type=vault) The ID of the vault to be used to
retrieve the password for login.

vault_type={value}
(Required if login_type=vault) The third party vault to be used
to retrieve the password for login. Certain vaults support this
capability. See Vault Support matrix.

Target Hosts

ips={value}
(Required to create record) The IP address(es) for the targets
you want to authenticate to. Multiple entries are comma
separated.

(Optional to update record) IPs specified will overwrite existing
IPs in the record, and existing IPs will be removed.

This parameter and the add_ips parameter or the remove_ips
parameter cannot be specified in the same request.

add_ips={value}
(Optional to update record) Add IPs and/or ranges to the IPs list
for this record. Multiple IPs/ranges are comma separated.

This parameter and the ips parameter cannot be specified in
the same request.

remove_ips={value}
(Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified in
the same request.

network_id={value}
(Optional to create or update record, and valid only when the
networks feature is enabled) The network ID for the record.
Sample - Create SAP Hana Record
API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d
"action=create&title=sap_hana API&username=root&password=root&database=sapDb&port=39013&ips=1.1.1.1&ssl_verify=1&hosts=test.domain.com&unix_conf_path=/etc/saphana.conf&password_encryption=1"
"https://qualysapi.qualys.com/api/2.0/fo/auth/sap_hana/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2021-01-12T14:39:46Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>4474043</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>

Sample - Update SAP Hana Record
API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d
"action=update&ids=4474043&comments=update1"
"https://qualysapi.qualys.com/api/2.0/fo/auth/sap_hana/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2021-01-12T14:45:58Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>4474043</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List SAP Hana Records with All Details
API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d
"action=list&details=All"
"https://qualysapi.qualys.com/api/2.0/fo/auth/sap_hana/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_SAP_HANA_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/sap_hana/auth_sap_hana_list_output.dtd">
<AUTH_SAP_HANA_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2021-01-12T14:34:42Z</DATETIME>
<AUTH_SAP_HANA_LIST>
<AUTH_SAP_HANA>
<ID>4474042</ID>
<TITLE><![CDATA[SAP_HANA]]></TITLE>
<USERNAME><![CDATA[SYSTEM]]></USERNAME>
<DATABASE><![CDATA[SYSTEMDB]]></DATABASE>
<PORT>39013</PORT>
<SSL_VERIFY><![CDATA[1]]></SSL_VERIFY>
<HOSTS>
<HOST><![CDATA[host.domainl1]]></HOST>
</HOSTS>
<IP_SET>
<IP>10.11.70.185</IP>
</IP_SET>
<UNIX_CONF_PATH><![CDATA[/etc/saphana.conf]]></UNIX_CONF_PATH>
<PASSWORD_ENCRYPTION><![CDATA[1]]></PASSWORD_ENCRYPTION>
<LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
<CREATED>
<DATETIME>2021-01-12T14:28:16Z</DATETIME>
<BY>joe_user</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2021-01-12T14:33:05Z</DATETIME>
</LAST_MODIFIED>
<COMMENTS><![CDATA[created successfully]]></COMMENTS>
</AUTH_SAP_HANA>
</AUTH_SAP_HANA_LIST>
<GLOSSARY>
<USER_LIST>
<USER>
<USER_LOGIN>joe_user</USER_LOGIN>
<FIRST_NAME>Joe</FIRST_NAME>
<LAST_NAME>User</LAST_NAME>
</USER>
</USER_LIST>
</GLOSSARY>
</RESPONSE>
</AUTH_SAP_HANA_LIST_OUTPUT>
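
Because ssl_verify is off unless set to 1, and hosts is required once it is on, list output like the above can be audited for records that skip certificate verification. The following Python is an added example, not part of the Qualys guide: audit_auth_records, the sample XML values and the reading of a missing SSL_VERIFY element as the default (skipped) are assumptions, and it also accepts the PostgreSQL list output, which carries the same SSL_VERIFY and HOSTS elements.

```python
import xml.etree.ElementTree as ET

# Record element names that carry SSL_VERIFY/HOSTS in the list outputs on this page.
SSL_CAPABLE = {"AUTH_SAP_HANA", "AUTH_POSTGRESQL"}

# Constructed sample in the AUTH_SAP_HANA_LIST_OUTPUT shape (IDs, titles and
# addresses are invented). ElementTree parses the DOCTYPE line without
# fetching the external DTD.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_SAP_HANA_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/sap_hana/auth_sap_hana_list_output.dtd">
<AUTH_SAP_HANA_LIST_OUTPUT>
 <RESPONSE>
  <DATETIME>2021-01-12T14:34:42Z</DATETIME>
  <AUTH_SAP_HANA_LIST>
   <AUTH_SAP_HANA>
    <ID>1001</ID>
    <TITLE><![CDATA[hana-prod]]></TITLE>
    <SSL_VERIFY><![CDATA[1]]></SSL_VERIFY>
    <HOSTS><HOST><![CDATA[hana1.example.test]]></HOST></HOSTS>
    <IP_SET><IP>192.0.2.10</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE>
   </AUTH_SAP_HANA>
   <AUTH_SAP_HANA>
    <ID>1002</ID>
    <TITLE><![CDATA[hana-dev]]></TITLE>
    <IP_SET><IP>192.0.2.20</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
   </AUTH_SAP_HANA>
   <AUTH_SAP_HANA>
    <ID>1003</ID>
    <TITLE><![CDATA[hana-qa]]></TITLE>
    <SSL_VERIFY><![CDATA[1]]></SSL_VERIFY>
    <IP_SET><IP>192.0.2.30</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
   </AUTH_SAP_HANA>
  </AUTH_SAP_HANA_LIST>
 </RESPONSE>
</AUTH_SAP_HANA_LIST_OUTPUT>"""


def _text(node, tag, default=""):
    """Stripped text of a child element, or default when absent or empty."""
    child = node.find(tag)
    if child is None or child.text is None:
        return default
    return child.text.strip()


def audit_auth_records(xml_text, require_vault=False):
    """Return one finding per record that has at least one issue."""
    root = ET.fromstring(xml_text)
    findings = []
    # Records sit two levels below RESPONSE: <AUTH_x_LIST><AUTH_x>...</AUTH_x>.
    for record in root.findall("./RESPONSE/*/*"):
        if record.tag not in SSL_CAPABLE:
            continue
        issues = []
        hosts = [h.text.strip() for h in record.findall("./HOSTS/HOST") if h.text]
        # Assumption: a missing SSL_VERIFY element means the default (skipped).
        if _text(record, "SSL_VERIFY", "0") != "1":
            issues.append("ssl_verify is not 1: server certificate is not verified")
        elif not hosts:
            issues.append("ssl_verify=1 but no hosts (FQDNs) are listed")
        # Optional local policy, not an API rule: require vault-backed logins.
        if require_vault and _text(record, "LOGIN_TYPE", "basic") != "vault":
            issues.append("login_type is basic: password is held in the record")
        if issues:
            findings.append({"id": _text(record, "ID"),
                             "title": _text(record, "TITLE"),
                             "type": record.tag,
                             "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_auth_records(SAMPLE, require_vault=True):
        print(finding["type"], finding["id"], finding["title"],
              "; ".join(finding["issues"]))
```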


Sample - Delete SAP Hana Records
API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d
"action=delete&ids=4474043"
"https://qualysapi.qualys.com/api/2.0/fo/auth/sap_hana/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2021-01-12T14:48:56Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>4474043</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


DTDs for auth type “sap hana” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/sap_hana/auth_sap_hana_list_output.dtd 
SAP IQ Record


/api/2.0/fo/auth/sapiq/ 


[POST] 


Scan Authentication 
The SAP IQ API lets you list, create, update and delete SAP IQ authentication records for
compliance scans (using PC). User permissions for this API are the same as other
authentication record APIs.


Input Parameters

Use these parameters to create or update SAP IQ authentication records.

Parameter    Description

action={action}
(Required) Specify create, update, delete (using POST) or list
(using GET or POST).

echo_request={0|1}
(Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ids={value}
(Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma separated.

title={value}
(Required to create record) A title for the record. The title must
be unique. Maximum 255 characters (ascii).

comments={value}
(Optional to create or update record) User defined comments.
Maximum of 1999 characters.

SAP IQ

database={value}
(Required for create request) The name of the database you
want to authenticate to.

port={value}
(Required for create request) The port the database is running
on.

installation_dir={value}
(Required for create request when this record will be used for
scanning Unix hosts) The database installation directory for
scanning Unix hosts.

Login credentials

username={value}
(Required for create request) The username of the account to
be used for authentication. If password is specified this is the
username of a SAP IQ account. If login_type=vault is specified,
this is the username of a vault account. Maximum 255
characters (ascii).

password={value}
(For create request, password or login_type=vault is required)
The password of the SAP IQ account to be used for
authentication. Maximum 100 characters (ascii).

password_encryption={0|1}
(Optional to create or update record) Enable this option when
your database instance requires an encrypted password for
successful login. If password encryption is required and you do
not enable this option then authentication will fail. When set
to 1, password encryption is enabled in the record. When set to
0 (the default), password encryption is not enabled.

login_type={value}
(For create request, password or login_type=vault is required)
Login type can be basic (default) or vault. Set to vault if a third
party vault will be used to retrieve the password. Vault
parameters need to be provided in the record. See Vault
Definition.

vault_id={value}
(Required if login_type=vault) The ID of the vault to be used to
retrieve the password for login.

vault_type={value}
(Required if login_type=vault) The third party vault to be used
to retrieve the password for login. Certain vaults support this
capability. See Vault Support matrix.

Target Hosts

ips={value}
(Required to create record) The IP address(es) the server will
log into using the record's credentials. Multiple entries are
comma separated.

(Optional to update record) IPs specified will overwrite existing
IPs in the record, and existing IPs will be removed.

This parameter and the add_ips parameter or the remove_ips
parameter cannot be specified in the same request.

add_ips={value}
(Optional to update record) Add IPs and/or ranges to the IPs list
for this record. Multiple IPs/ranges are comma separated.

This parameter and the ips parameter cannot be specified in
the same request.

remove_ips={value}
(Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified in
the same request.

network_id={value}
(Optional to create or update record, and valid only when the
networks feature is enabled) The network ID for the record.


Sample - Create SAP IQ Record

API request:

curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d
"action=create&title=sapiq&username=root&password=root&database=sapDb&port=123&ips=11.11.11.11"
"https://qualysapi.qualys.com/api/2.0/fo/auth/sapiq/"




XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2020-12-05T12:04:32Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>96171</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update SAP IQ Record

API request:

curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d
"action=update&ids=4423386&installation_dir=/opt/sybase&comments=update inst_dir"
"https://qualysapi.qualys.com/api/2.0/fo/auth/sapiq/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2020-12-11T10:47:46Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>4423386</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - List SAP IQ Records with All Details
API request:

curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d
"action=list&details=All"
"https://qualysapi.qualys.com/api/2.0/fo/auth/sapiq/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_SAPIQ_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/sapiq/auth_sapiq_list_output.dtd">
<AUTH_SAPIQ_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2020-12-11T18:02:56Z</DATETIME>
<AUTH_SAPIQ_LIST>
<AUTH_SAP_IQ>
<ID>4423387</ID>
<TITLE><![CDATA[sap_iq_api_2]]></TITLE>
<USERNAME><![CDATA[dba]]></USERNAME>
<IP_SET>
<IP>10.11.70.54</IP>
</IP_SET>
<DATABASE><![CDATA[iqdemo]]></DATABASE>
<PORT>2638</PORT>
<LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2020-12-11T06:24:15Z</DATETIME>
<BY>joe_user</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2020-12-11T06:24:15Z</DATETIME>
</LAST_MODIFIED>
</AUTH_SAP_IQ>
<AUTH_SAP_IQ>
<ID>4423518</ID>
<TITLE><![CDATA[sap_iq_api_3]]></TITLE>
<USERNAME><![CDATA[dba]]></USERNAME>
<IP_SET>
<IP>10.11.70.52</IP>
</IP_SET>
<DATABASE><![CDATA[iqdemo]]></DATABASE>
<PORT>2638</PORT>
<INSTALLATION_DIR><![CDATA[test]]></INSTALLATION_DIR>
<PASSWORD_ENCRYPTION><![CDATA[1]]></PASSWORD_ENCRYPTION>
<LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2020-12-11T12:35:12Z</DATETIME>
<BY>joe_user</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2020-12-11T12:35:12Z</DATETIME>
</LAST_MODIFIED>
</AUTH_SAP_IQ>
</AUTH_SAPIQ_LIST>
<GLOSSARY>
<USER_LIST>
<USER>
<USER_LOGIN>joe_user</USER_LOGIN>
<FIRST_NAME>Joe</FIRST_NAME>
<LAST_NAME>User</LAST_NAME>
</USER>
</USER_LIST>
</GLOSSARY>
</RESPONSE>
</AUTH_SAPIQ_LIST_OUTPUT>

Sample - Delete SAP IQ Records
API request:

curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d
"action=delete&ids=4423386"
"https://qualysapi.qualys.com/api/2.0/fo/auth/sapiq/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2020-12-11T10:53:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>4423386</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>

DTDs for auth type “sap iq”
<platform API server>/api/2.0/batch_return.dtd

<platform API server>/api/2.0/fo/auth/sapiq/auth_sapiq_list_output.dtd
SNMP Record
/api/2.0/fo/auth/snmp/
[POST]


Create, update, list and delete SNMP records for authenticated scans of SNMP enabled 
devices. Supported are vulnerability and compliance scans (using VM, PC). Supported 
versions are SNMPv1, SNMPv2 and SNMPv3. 


Input Parameters

Parameter    Description

action={action}
(Required) Specify create, update, delete (using POST) or
list (using GET or POST).

echo_request={0|1}
(Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ids={value}
(Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.

title={value}
(Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii).

comments={value}
(Optional to create or update record) User defined
comments. Maximum of 1999 characters.

version={v1|v2c|v3}
(Optional to create or update record) Specifies the SNMP
protocol version. For an update request, this parameter
overwrites the existing SNMP version with a new version. A
valid value is:
v1 = SNMPv1 (the default)
v2c = SNMPv2c
v3 = SNMPv3

Login credentials

community_strings={value}
(Optional and valid using SNMPv1 and SNMPv2c) The
SNMP community strings to be used for authentication to
target hosts. Multiple entries are comma separated. The
service attempts authentication using several common
default community strings. When community_strings is
specified, the user-provided community strings are used
for authentication before the default community strings.

username={value}
(Optional and valid using SNMPv3) The user account for
authentication to target hosts. A maximum of 128
characters may be specified.

These three parameters are used to specify authentication:
username, password and auth_alg.

If creating a record and authentication will be used, it is
required that all three parameters are specified together. If
updating a record to change the username, the username
specified will replace the existing username in the record.
If updating a record to remove authentication, specify an
empty value for all three parameters.

password={value}
(Optional and valid using SNMPv3) The password for
authentication to target hosts.
Maximum of 128 characters.

These three parameters are used to specify authentication:
username, password and auth_alg.

If creating a record and authentication will be used, it is
required that all three parameters are specified together. If
updating a record to change the password, the password
specified will replace the existing password in the record. If
updating a record to remove authentication, specify an
empty value for all three parameters.

auth_alg={MD5|SHA1}
(Optional and valid using SNMPv3) The algorithm for
authentication: MD5 or SHA1. This algorithm is used to
safely prove to the SNMP server knowledge of the password
without sending the password.

These three parameters are used to specify authentication:
username, password and auth_alg.

If creating a record and authentication will be used, it is
required that all three parameters are specified together. If
updating a record to change the authentication algorithm,
the algorithm specified will replace the existing algorithm
in the record. If updating a record to remove
authentication, specify an empty value for all three
parameters.

encrypt_password={value}
(Optional and valid using SNMPv3) The password if privacy
(data encryption) is to be used for SNMP communication.
Maximum of 128 characters.

These two parameters are used to specify privacy:
encrypt_password and priv_alg.

If creating a record and privacy will be used, it is required
that both parameters are specified together. If updating a
record to change the password, the password specified will
replace the existing password in the record. If updating a
record to remove privacy, specify an empty value for both
parameters.

priv_alg={DES|AES}
(Optional and valid using SNMPv3) The algorithm to be
used for privacy: DES or AES. This algorithm is used to
encrypt and decrypt SNMP messages.

These two parameters are used to specify privacy:
encrypt_password and priv_alg.

If creating a record and privacy will be used, it is required
that both parameters are specified together. If updating a
record to change the privacy algorithm, the algorithm
specified will replace the existing algorithm in the record.
If updating a record to remove privacy, specify an empty
value for both parameters.

security_engine_id={value}
(Optional and valid using SNMPv3) The security engine ID
when a security engine is part of the target host
configuration. A valid ID is required. A maximum of 128
characters may be specified.

If a security engine ID is part of the target host
configuration, the parameter security_engine_id must be
defined for the record in order for authentication to be
successful.

If the security engine ID is not defined (and is required by
the target host for all SNMP requests), then the SNMP
service may not be detected on the target host and
authentication will fail.

context_engine_id={value}
(Optional and valid using SNMPv3) The context engine ID
used in scoped PDUs when a context is part of the target
host configuration. A valid ID is required. A maximum of
128 characters may be specified.

If an SNMP context is part of the target host configuration,
the parameters context_engine_id and/or context must be
defined for the record in order for the scanning engine to
retrieve context-sensitive information from the target host.

context={value}
(Optional and valid using SNMPv3) The context name used
in scoped PDUs when a context is part of the target host
configuration. A maximum of 128 characters may be
specified.

If an SNMP context is part of the target host configuration,
the parameters context_engine_id and/or context must be
defined for the record in order for the scanning engine to
retrieve context-sensitive information from the target host.

Target Hosts

ips={value}
(Required to create record) The IP address(es) the server
will log into using the record’s credentials. Multiple entries
are comma separated.

(Optional to update record) IPs specified will overwrite
existing IPs in the record, and existing IPs will be removed.

This parameter and the add_ips parameter or the
remove_ips parameter cannot be specified in the same
request.

add_ips={value}
(Optional to update record) Add IPs and/or ranges to the IPs
list for this record. Multiple IPs/ranges are comma
separated.

This parameter and the ips parameter cannot be specified
in the same request.

remove_ips={value}
(Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified
in the same request.

network_id={value}
(Optional to create or update record, and valid when the
networks feature is enabled) The network ID for the record.
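
The pairing rules in the table above (username, password and auth_alg together; encrypt_password and priv_alg together; ips versus add_ips/remove_ips; version-specific parameters) can be checked on the client before a request is sent. The following Python is an added example, not Qualys code: check_snmp_params, build_snmp_request and the sample values are hypothetical, and the warnings on MD5 and DES are this example's own policy rather than an API rule.

```python
from urllib.parse import urlencode

AUTH_TRIO = ("username", "password", "auth_alg")
PRIV_PAIR = ("encrypt_password", "priv_alg")
V3_ONLY = AUTH_TRIO + PRIV_PAIR + ("security_engine_id", "context_engine_id", "context")
MAX_128 = ("username", "password", "encrypt_password",
           "security_engine_id", "context_engine_id", "context")
ALLOWED = {"version": ("v1", "v2c", "v3"), "auth_alg": ("MD5", "SHA1"),
           "priv_alg": ("DES", "AES")}


def _group_errors(params, group, label, action):
    """Apply the 'specified together' rule to one parameter group."""
    given = [k for k in group if k in params]
    empty = [k for k in given if params[k] == ""]
    names = ", ".join(group)
    if not given:
        return []
    if action == "create" and (len(given) < len(group) or empty):
        return [f"{label}: create needs {names} together, each with a value"]
    # On update a single member may change; removal needs every member empty.
    if empty and len(empty) < len(group):
        return [f"{label}: to remove it, send {names} all empty"]
    return []


def check_snmp_params(params):
    """Return (errors, warnings) for a create or update request body."""
    errors, warnings = [], []
    action = params.get("action")
    if action not in ("create", "update"):
        return ["this check covers action=create and action=update only"], warnings
    # v1 is the documented default on create; on update the stored version is unknown.
    version = params.get("version", "v1" if action == "create" else None)
    for key, allowed in ALLOWED.items():
        value = version if key == "version" else params.get(key)
        if value and value not in allowed:
            errors.append(f"{key} must be one of {', '.join(allowed)}")
    if action == "create":
        errors += [f"{k} is required to create a record"
                   for k in ("title", "ips") if not params.get(k)]
    elif not params.get("ids"):
        errors.append("ids is required to update a record")
    if version == "v3" and "community_strings" in params:
        errors.append("community_strings is valid only with SNMPv1 and SNMPv2c")
    if version in ("v1", "v2c"):
        errors += [f"{k} is valid only with SNMPv3" for k in V3_ONLY if k in params]
    errors += _group_errors(params, AUTH_TRIO, "authentication", action)
    errors += _group_errors(params, PRIV_PAIR, "privacy", action)
    if "ips" in params and ("add_ips" in params or "remove_ips" in params):
        errors.append("ips cannot be sent with add_ips or remove_ips")
    errors += [f"{k} is longer than 128 characters"
               for k in MAX_128 if len(params.get(k, "")) > 128]
    # Example policy, not an API rule: prefer the stronger of the offered algorithms.
    if params.get("auth_alg") == "MD5":
        warnings.append("auth_alg=MD5: SHA1 is the stronger option offered")
    if params.get("priv_alg") == "DES":
        warnings.append("priv_alg=DES: AES is the stronger option offered")
    return errors, warnings


def build_snmp_request(params):
    """URL-encode the POST body, refusing parameter sets that have errors."""
    errors, _ = check_snmp_params(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode(params)


# Constructed parameters modelled on an SNMPv3 create request (placeholder values).
SAMPLE_CREATE = {
    "action": "create", "title": "My Record", "version": "v3",
    "username": "scan_user", "password": "placeholder-auth-pass", "auth_alg": "MD5",
    "encrypt_password": "placeholder-priv-pass", "priv_alg": "DES",
    "security_engine_id": "0x8000000001020304", "context": "bridge1",
    "ips": "10.10.10.2-10.10.10.4",
}

if __name__ == "__main__":
    print(check_snmp_params(SAMPLE_CREATE))
    print(build_snmp_request(SAMPLE_CREATE))
```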


Sample - Create SNMP record, using SNMPv3

API request:

curl -H "X-Requested-With: Curl Sample" -d
"action=create&title=My+Record&version=v3&username=user&password=password&auth_alg=MD5&encrypt_password=passwordabcde123456&priv_alg=DES&security_engine_id=0x80001F88805131F121BD9B194B&context_engine_id=0x80001F88805131F121BD9B194B&context=bridge1&ips=10.10.10.2-10.10.10.4"
-b "QualysSession=a3863e31b486417f81eea7f8881f3142; path=/api; secure"
"https://qualysapi.qualys.com/api/2.0/fo/auth/snmp/"

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-02-27T06:22:01Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>125726</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update an SNMP record
Change the user name and password for authentication and the target IPs.

curl -H "X-Requested-With: Curl Sample" -d
"action=update&ids=65319&username=user2&password=password2&ips=10.10.10.5-10.10.10.6"
-b "QualysSession=a3863e31b486417f81eea7f8881f3142; path=/api; secure"
"https://qualysapi.qualys.com/api/2.0/fo/auth/snmp/"


DTDs for auth type “snmp” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/snmp/auth_snmp_list_output.dtd 
Sybase Record
/api/2.0/fo/auth/sybase/ 
[POST] 


Create, update, list and delete Sybase records for authenticating to Sybase Adaptive Server 
Enterprise (ASE) instances. Sybase auth records are supported for VM & PC. 


Requirement - You must configure login credentials on target hosts before scanning. 
Download Qualys User Guide - Sybase Authentication (.zip) 


Tip - We strongly recommend you create one or more dedicated user accounts to be used 
solely by the Qualys Cloud Platform to authenticate to Sybase database instances. 


Input Parameters

Parameter    Description

action={action}
(Required) Specify create, update, delete (using POST) or
list (using GET or POST).

echo_request={0|1}
(Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ids={value}
(Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for
example, 1359-1407). Multiple entries are comma
separated.

title={value}
(Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii).

comments={value}
(Optional to create or update record) User defined
comments. Maximum of 1999 characters.

Sybase

port={value}
(Required to create record) The port the Sybase database is
on.

database={value}
(Optional to create and update record) The name of the
Sybase database you want to authenticate to.

auto_discover_databases={0|1}
Specify auto_discover_databases=1 and we will find all
Sybase database instances on the target host. This means
you no longer have to create a separate Sybase record for
each database name. Create one record with Auto Discover
Databases enabled to authenticate to multiple databases
on the same host.

Note you must either enter a database name (with existing
database parameter) OR use the Auto Discover option.

When unspecified (auto_discover_databases=0), we will
not auto discover database instances and look for the
database name that you have entered in the database
parameter.

installation_dir={value}
(Required for create request if this record will be used for
scanning Unix hosts) The database installation directory
for scanning Unix hosts.

Login credentials

username={value}
(Required to create record, optional to update record) The
username of the account to be used for authentication. If
password is specified this is the username of a Sybase
account. If login_type=vault is specified, this is the
username of a vault account. Maximum 255 characters
(ascii).

password={value}
(To create record password or login_type=vault is required)
The password of the Sybase account to be used for
authentication. Maximum 100 characters (ascii).

password_encryption={0|1}
(Optional to create or update record) Enable this option
when your Sybase database instance requires an encrypted
password for successful login. If password encryption is
required and you do not enable this option then
authentication will fail.

When set to 1, password encryption is enabled in the
Sybase record. When set to 0 (the default), password
encryption is not enabled.

login_type=vault
(To create record password or login_type=vault is required)
Set to vault if a third party vault will be used to retrieve
password. Vault parameters need to be provided in the
record. See Vault Definition.

Target Hosts

ips={value}
(Required to create record) The IP address(es) the server
will log into using the record's credentials. Multiple entries
are comma separated.

(Optional to update record) IPs specified will overwrite
existing IPs in the record, and existing IPs will be removed.

This parameter and the add_ips parameter or the
remove_ips parameter cannot be specified in the same
request.

add_ips={value}
(Optional to update record) Add IPs and/or ranges to the IPs
list for this record. Multiple IPs/ranges are comma
separated.

This parameter and the ips parameter cannot be specified
in the same request.

remove_ips={value}
(Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges.
Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified
in the same request.

network_id={value}
(Optional to create or update record, and valid when the
networks feature is enabled) The network ID for the record.


Sample - Create Sybase Record 


API request: 


curl -u "USERNAME :PASSWORD" -H "X-Requested-With: Curl Sample" -d 


"action=create&title=sybase_record&network id=19015&username=acme_ 
acl2&password=password&port=444&database=sybaseDBlçips=10.10.24.12 
,10.10.24.13,10.10.24.15&installation dir=/dir123&comments=This%20 
Sybase%20comments" 
"https://qualysapi.qualys.com/api/2.0/fo/auth/sybase/" > file.xml 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-04-10T20:52:31Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>78782</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Create Sybase Record, with vault 
API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" \
-d "action=create&title=CYBER_ARK_DIGITAL PIM Vault Sample&vault_id=139249&login_type=vault&vault_type=CyberArk%20PIM%20Suite&folder=Root&file=passwd abc123&installation_dir=C://dirl/win/vault&username=Syb_User&port=456&database=Syb db CyberArkSuite&ips=10.10.25.81-10.10.25.82&comments=sybase vault comments" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/sybase/" > file.xml 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-04-18T18:54:36Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>88888</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Create Sybase Record to enable password encryption and auto discovery 
API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" \
-d "action=create&title=sybase_record&network_id=19015&username=acme_ac12&password=password&password_encryption=1&ips=10.10.24.12&auto_discover_databases=1&port=444&installation_dir=/dir123&comments=This%20Sybase%20comments" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/sybase/" > file.xml 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "http://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2019-04-18T15:45:05Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>43025</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Update Sybase Record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" \
-d "action=update&ids=78782&add_ips=10.10.26.238&installation_dir=C://user/dir" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/sybase/" > file.xml 


Sample - List Sybase records 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" \
-d "action=list&details=All" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/sybase/" > file.xml 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE AUTH_SYBASE_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/sybase/auth_sybase_list_output.dtd"> 
<AUTH_SYBASE_LIST_OUTPUT> 
  <RESPONSE> 
    <DATETIME>2017-04-10T21:32:21Z</DATETIME> 
    <AUTH_SYBASE_LIST> 
      <AUTH_SYBASE> 
        <ID>78177</ID> 
        <TITLE><![CDATA[api syb basic 2IPs NW2]]></TITLE> 
        <USERNAME><![CDATA[api_user1]]></USERNAME> 
        <DATABASE><![CDATA[api_sybDB1]]></DATABASE> 
        <PORT>444</PORT> 
        <IP_SET> 
          <IP_RANGE>10.10.24.12-10.10.24.13</IP_RANGE> 
        </IP_SET> 
        <NETWORK_ID>19019</NETWORK_ID> 
        <CREATED> 
          <DATETIME>2017-04-08T00:17:17Z</DATETIME> 
          <BY>enter_ss</BY> 
        </CREATED> 
        <LAST_MODIFIED> 
          <DATETIME>2017-04-08T00:17:17Z</DATETIME> 
        </LAST_MODIFIED> 
      </AUTH_SYBASE> 
      <AUTH_SYBASE> 
        <ID>78186</ID> 
        <TITLE><![CDATA[api syb basic 2IPs Global]]></TITLE> 
        <USERNAME><![CDATA[api_user1]]></USERNAME> 
        <DATABASE><![CDATA[api_sybDB1]]></DATABASE> 
        <PORT>444</PORT> 
        <IP_SET> 
          <IP_RANGE>10.10.24.12-10.10.24.13</IP_RANGE> 
        </IP_SET> 
        <NETWORK_ID>0</NETWORK_ID> 
        <CREATED> 
          <DATETIME>2017-04-08T01:10:04Z</DATETIME> 
          <BY>enter_ss</BY> 
        </CREATED> 
        <LAST_MODIFIED> 
          <DATETIME>2017-04-08T01:10:04Z</DATETIME> 
        </LAST_MODIFIED> 
      </AUTH_SYBASE> 
    </AUTH_SYBASE_LIST> 
  </RESPONSE> 
</AUTH_SYBASE_LIST_OUTPUT> 


DTDs for auth type “sybase” 


<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/sybase/auth_sybase_list_output.dtd 
Unix Record 
/api/2.0/fo/auth/unix/ 
[POST] 


Create, update, list and delete Unix records for authenticated scans of hosts running on 
Unix, Cisco and Checkpoint Firewall. Vulnerability and compliance scans are supported 
on Unix and Cisco systems (using VM, PC). Compliance scans are supported on 
Checkpoint Firewall systems (using PC). 


Download Qualys User Guide - Unix Authentication (pdf) 


Input Parameters 
Parameters: Request | Login credentials| Unix only | Target Hosts 


Parameter Description 

action={action} (Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


sub_type={cisco|checkpoint_firewall} (Required for hosts running on Cisco or Checkpoint 
Firewall) Choose cisco or checkpoint_firewall if you're 
scanning one of these system types. 


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 


ids={value} (Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} (Required to create record) A title for the record. The title 
must be unique. Maximum 255 characters (ascii). 


comments={value} (Optional to create or update record) User defined 
comments. Maximum of 1999 characters. 


port={value} (Optional and valid for compliance scans only) Custom 
ports to be used to perform authenticated compliance 
assessment (control testing). 

Ports Used For Unix Compliance Scans 


Login credentials 


username={value} (Required to create record, optional to update record) The 
username of the account to be used for authentication. If 
login_type=vault is specified, this is the username of a 
vault account. Maximum 255 characters (ascii). 


password={value} (To create record password or login_type=vault is required) 
The password of the PostgreSQL account to be used for 
authentication when a vault will not be used. Maximum 
100 characters (ascii). 


login_type={basic|vault} 


(To create record password or login_type=vault is required) 
Set to vault if a third party vault will be used to retrieve 
password. Vault parameters need to be provided in the 
record. See Vault Definition 


cleartext_password={0|1} 


(Optional) When not specified, the scanning engine only 
uses strong password encryption for remote login. Specify 
1 to allow your password to be transmitted in clear text 
when connecting to services which do not support strong 
password encryption. For more info, search for “Clear Text 
Password” in online help. 


For a create request, if cleartext_password=1, the password 
parameter is required. For an update request, if 
cleartext_password=1, and the record does not have a 
password set, then cleartext_password=1 is “silently 
ignored”. 


skip_password={0|1} 


(Optional and valid only for Unix record, i.e. not supported 
for Cisco or Checkpoint Firewall sub-type) By default when 
only the required parameters are set (title, username, ips) 
the login account password is set to the empty password. 
You can set skip_password=1 if the login account does not 
have a password. When set it’s not possible to set the 
empty password, another password using the “password” 
parameter, or password in a vault. 


enable_password={value} 


(Optional and valid only for Cisco sub-type) The password 
required for executing the “enable” command on the target 
hosts. Maximum 100 characters (ascii). Note: The pooled 
credentials feature is not supported if the “enable” 
command requires a password and it is specified using the 
enable_password parameter. 


expert_password={value} 


(Optional and valid only for Checkpoint Firewall sub-type) 
The password required for executing the “expert” 
command on the target hosts. Maximum 100 characters 
(ascii). 


target_type={value} 


(Optional) Specify the target type. You can choose from the 
following values: 

- A10 
- HP_COMWARE 
- CISCO_ASA_WITH_FIREPOWE 
- auto (default) 


Unix only 


{XML File} 


(Optional and valid only for Unix record, i.e. not supported 
for Cisco or Checkpoint Firewall sub-type) 


XML file where you define private-key certificates and root 
delegations. These are defined using this DTD: <platform 
API server>/api/2.0/fo/auth/unix/unix_auth_params.dtd 


use_agentless_tracking={0|1} 


(Optional and valid for Unix record only, i.e. not supported 
for Cisco or Checkpoint Firewall sub-type) 


Specify 1 to enable Agentless Tracking. 


agentless_tracking_path={value} 


(Required if use_agentless_tracking=1 for Unix record, i.e. 
not supported for Cisco or Checkpoint Firewall sub-type) 


The pathname where you would like the service to store 
the host ID file on each host. This is required to enable 
Agentless Tracking for Unix. 


Target Hosts 


ips={value} 


(Required to create record) The IP address(es) the server 
will log into using the record’s credentials. Multiple entries 
are comma separated. 


(Optional to update record) IPs specified will overwrite 
existing IPs in the record, and existing IPs will be removed. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


add_ips={value} 


(Optional to update record) Add IPs and/or ranges to the IPs 
list for this record. Multiple IPs/ranges are comma 
separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


remove_ips={value} 


(Optional to update record) IPs to be removed from your 
record. You may enter a combination of IPs and ranges. 
Multiple entries are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


network_id={value} 


(Optional to create or update record, and valid when the 
networks feature is enabled) The network ID for the record. 


Target Hosts with Tag Support 


Note: Applicable only when you have Asset Tagging and 
Tag Support for Authentication Records enabled for your 
subscription. 


asset_type={ips|asset_tags|ip_range_tag_rule} 


(Optional) Indicates how assets will be defined in the 
record. Valid values are ips (the default), asset_tags, 
ip_range_tag_rule. When not specified, we'll use 
asset_type=ips 


ips - Specify this value to assign IP addresses/ranges to the 
record. 


asset_tags - Specify this value to add tags to the record for 
the assets you want included. IP addresses with the 
selected tags already assigned will be associated with the 
record. 


ip_range_tag_rule - Specify this value to add tags that have 
IP address ranges defined in the tag rule. All IP addresses 
defined in the tag rule will be associated with the record, 
including IPs that don’t already have the tag assigned. 


tag_set_by={id|name} 


(Optional when asset_type=asset_tags or 
ip_range_tag_rule) Specify “id” (the default) to select a tag 
set by providing tag IDs. Specify “name” to select a tag set 
by providing tag names. 


tags_include={tag1,tag2,...} 


(Required when asset_type=asset_tags or 
ip_range_tag_rule) Specify a tag set to include in the record. 
Hosts that match these tags will be included. You identify 
the tag set by providing tag name or IDs. Multiple entries 
are comma separated. To specify tag names, you must also 
specify tag_set_by=name. 


tags_exclude={tag1,tag2,...} 


(Optional when asset_type=asset_tags or 
ip_range_tag_rule) Specify a tag set to exclude from the 
record. Hosts that match these tags will be excluded. You 
identify the tag set by providing tag name or IDs. Multiple 
entries are comma separated. To specify tag names, you 
must also specify tag_set_by=name. 


tag_include_selector={any|all} 


(Optional when asset_type=asset_tags or 
ip_range_tag_rule) Select “any” (the default) to include 
hosts that match at least one of the selected tags. Select 
“all” to include hosts that match all of the selected tags. 


tag_exclude_selector={any|all} 


(Optional when asset_type=asset_tags or 
ip_range_tag_rule) Select “any” (the default) to exclude 
hosts that match at least one of the selected tags. Select 
“all” to exclude hosts that match all of the selected tags. 


ips={value} 


(Required to create record when asset_type=ips or 
asset_type is not specified) The IP address(es) the server 
will log into using the record's credentials. Multiple entries 
are comma separated. 


(Optional to update record when asset_type=ips) IPs 
specified will overwrite existing IPs in the record, and 
existing IPs will be removed. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


add_ips={value} 


(Optional to update record when asset_type=ips) Add IPs 
and/or ranges to the IPs list for this record. Multiple 
IPs/ranges are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


remove_ips={value} 


(Optional to update record when asset_type=ips) IPs to be 
removed from your record. You may enter a combination of 
IPs and ranges. Multiple entries are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 
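

The parameter rules above interact (ips versus add_ips/remove_ips, sub-type-only passwords, cleartext_password and skip_password), so a pre-flight check catches a bad request before credentials are sent. This is an added example, not Qualys code; the function and constant names are hypothetical, and the rules encoded are only those stated in the parameter descriptions above.

```python
# Added example: pre-flight validation of Unix auth record parameters.
# Names are hypothetical; rules come from the parameter descriptions on this page.

SUB_TYPES = {"cisco", "checkpoint_firewall"}
TAG_ASSET_TYPES = {"asset_tags", "ip_range_tag_rule"}
# Documented maximum lengths; every field except comments is described as ascii.
MAX_LEN = {"title": 255, "username": 255, "password": 100,
           "enable_password": 100, "expert_password": 100, "comments": 1999}


def validate_unix_record(params):
    """Return a list of rule violations; an empty list means the request is consistent."""
    action = params.get("action")
    if action not in {"create", "update", "delete", "list"}:
        return ["action must be create, update, delete or list"]

    errors = []
    sub_type = params.get("sub_type")
    asset_type = params.get("asset_type", "ips")  # ips is the documented default
    if sub_type is not None and sub_type not in SUB_TYPES:
        errors.append("sub_type must be cisco or checkpoint_firewall")

    for name, limit in MAX_LEN.items():
        value = params.get(name, "")
        if len(value) > limit:
            errors.append(f"{name} exceeds {limit} characters")
        if name != "comments" and not value.isascii():
            errors.append(f"{name} must be ascii")

    if action in {"update", "delete"} and not params.get("ids"):
        errors.append("ids is required to update or delete a record")

    if action == "create":
        for name in ("title", "username"):
            if not params.get(name):
                errors.append(f"{name} is required to create a record")
        if asset_type == "ips" and not params.get("ips"):
            errors.append("ips is required to create a record when asset_type=ips")
        if asset_type in TAG_ASSET_TYPES and not params.get("tags_include"):
            errors.append(f"tags_include is required when asset_type={asset_type}")
        if params.get("cleartext_password") == "1" and not params.get("password"):
            errors.append("cleartext_password=1 requires password on create")

    # Target host rules: ips replaces the list, add_ips/remove_ips edit it.
    edits_ips = "add_ips" in params or "remove_ips" in params
    if "ips" in params and edits_ips:
        errors.append("ips cannot be combined with add_ips or remove_ips")
    if action != "update" and edits_ips:
        errors.append("add_ips and remove_ips apply to update requests only")

    # Credential rules tied to the record sub-type.
    if params.get("skip_password") == "1":
        if sub_type:
            errors.append("skip_password is valid only for Unix records without sub_type")
        if params.get("password") or params.get("login_type") == "vault":
            errors.append("skip_password=1 cannot be combined with password or a vault")
    if "enable_password" in params and sub_type != "cisco":
        errors.append("enable_password is valid only for sub_type=cisco")
    if "expert_password" in params and sub_type != "checkpoint_firewall":
        errors.append("expert_password is valid only for sub_type=checkpoint_firewall")
    if params.get("use_agentless_tracking") == "1":
        if sub_type:
            errors.append("agentless tracking is valid only for Unix records without sub_type")
        if not params.get("agentless_tracking_path"):
            errors.append("agentless_tracking_path is required when use_agentless_tracking=1")
    return errors


# Constructed sample requests (values modelled on the samples on this page).
GOOD_CREATE = {"action": "create", "title": "Unix", "username": "root",
               "password": "crazy8!", "ips": "10.10.36.63"}
TAG_CREATE = {"action": "create", "title": "unix", "username": "root",
              "asset_type": "ip_range_tag_rule", "tags_include": "7515612"}
BAD_UPDATE = {"action": "update", "ids": "149016", "ips": "10.10.36.63",
              "add_ips": "10.10.36.64", "enable_password": "secret"}
BAD_CREATE = {"action": "create", "title": "t", "username": "u", "ips": "10.0.0.1",
              "sub_type": "cisco", "cleartext_password": "1", "skip_password": "1"}

if __name__ == "__main__":
    for request in (GOOD_CREATE, TAG_CREATE, BAD_UPDATE, BAD_CREATE):
        print(request["action"], validate_unix_record(request))
```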


Ports Used For Unix Compliance Scans 


The actual ports used for compliance scanning (Unix, Cisco, Checkpoint Firewall) depend 
on scan settings in 1) the compliance option profile, and 2) the Unix authentication record, as 
indicated. 


Compliance Option Profile | Authentication Record                          | Ports Scanned 
Standard Scan             | UI: Well Known Ports; API: no “port” parameter | ~1900 Ports (includes Ports 22, 23, 513) 
Standard Scan             | UI: Custom Ports; API: “port” parameter        | ~1900 Ports + Custom Ports in record 
Targeted Scan             | UI: Well Known Ports; API: no “port” parameter | Ports 22, 23 and 513 only 
Targeted Scan             | UI: Custom Ports; API: “port” parameter        | Custom Ports in record 


Sample - Create Unix record, with password 
Applies to record type Unix, Cisco and Checkpoint Firewall 


API request: 
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=create&title=Unix&username=root&password=crazy8!&ips=10.10.36.63" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-04-18T18:54:36Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>12345</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 
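

The request above carries the record password in the URL query string, where it can end up in proxy and shell history logs; the Sybase samples in this guide send the same kind of fields in the POST body with -d. The following added example (not Qualys code) builds the create request with the fields in the body and parses the BATCH_RETURN reply. It assumes the unix endpoint accepts form-encoded body fields the way the Sybase endpoint does; the function names and the ID_RANGE handling are assumptions.

```python
# Added example: keep record secrets out of the URL and parse BATCH_RETURN safely.
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Endpoint taken from the samples on this page.
API_URL = "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/"


def build_request(api_user, api_password, fields):
    """Build (without sending) a POST that carries the record fields in the body."""
    body = urllib.parse.urlencode(fields).encode("ascii")
    token = base64.b64encode(f"{api_user}:{api_password}".encode()).decode()
    return urllib.request.Request(
        API_URL, data=body, method="POST",
        headers={"X-Requested-With": "python example",
                 "Authorization": "Basic " + token,
                 "Content-Type": "application/x-www-form-urlencoded"})


def parse_batch_return(xml_text):
    """Return [(text, [record ids]), ...] for each BATCH in a BATCH_RETURN document."""
    # The stdlib parser does not fetch the external DTD named in the DOCTYPE.
    # Entity declarations have no place in this response, so refuse them outright.
    if "<!ENTITY" in xml_text:
        raise ValueError("unexpected entity declaration in API response")
    root = ET.fromstring(xml_text)
    if root.tag != "BATCH_RETURN":
        raise ValueError(f"unexpected root element {root.tag!r}")
    results = []
    for batch in root.iterfind("./RESPONSE/BATCH_LIST/BATCH"):
        text = (batch.findtext("TEXT") or "").strip()
        ids = []
        for node in batch.iterfind("./ID_SET/*"):
            if node.tag == "ID":
                ids.append(int(node.text))
            elif node.tag == "ID_RANGE":  # assumed "low-high" form, not shown on this page
                low, high = (int(part) for part in node.text.split("-"))
                ids.extend(range(low, high + 1))
        results.append((text, ids))
    return results


# Constructed response with the same shape as the "Successfully Created" output above.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-18T18:54:36Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>12345</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>
"""

# Constructed field set mirroring the create sample above.
SAMPLE_FIELDS = {"action": "create", "title": "Unix", "username": "root",
                 "password": "crazy8!", "ips": "10.10.36.63"}

if __name__ == "__main__":
    request = build_request("USERNAME", "PASSWORD", SAMPLE_FIELDS)
    print(request.get_method(), request.full_url)
    print(parse_batch_return(SAMPLE_RESPONSE))
```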


Sample - Create Unix record, root delegation tools and vault 
Applies to record type Unix only (not sub-types) 


API request: 


curl -H "X-Requested-With: curl" -H "Content-type:text/xml" -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=create&title=Unix&vault&username=Qualys&ips=10.113.195.152&port=5857&login_type=vault&vault_type=LiebermanERPM&vault_id=10873203&auto_discover_system_name=0&system_name_single_host=a&custom_system_type=custom&system_type=custom" \
--data-binary @add_params.xml 


add_params.xml 


<?xml version="1.0" encoding="UTF-8" ?> 
<UNIX_AUTH_PARAMS> 
  <ROOT_TOOLS> 
    <ROOT_TOOL> 
      <STANDARD_TYPE type="pimsu"/> 
      <PASSWORD_INFO type="vault"> 
        <DIGITAL_VAULT> 
          <VAULT_USERNAME><![CDATA[root]]></VAULT_USERNAME> 
          <VAULT_TYPE>Thycotic Secret Server</VAULT_TYPE> 
          <VAULT_ID>25026922</VAULT_ID> 
          <SECRET_NAME><![CDATA[super_secret name]]></SECRET_NAME> 
        </DIGITAL_VAULT> 
      </PASSWORD_INFO> 
    </ROOT_TOOL> 
    <ROOT_TOOL> 
      <CUSTOM_TYPE><![CDATA[test]]></CUSTOM_TYPE> 
      <PASSWORD_INFO type="basic"> 
        <PASSWORD><![CDATA[password]]></PASSWORD> 
      </PASSWORD_INFO> 
    </ROOT_TOOL> 
  </ROOT_TOOLS> 
  <PRIVATE_KEY_CERTIFICATES> 
    <PRIVATE_KEY_CERTIFICATE> 
      <PRIVATE_KEY_INFO type="vault"> 
        <DIGITAL_VAULT> 
          <VAULT_TYPE>CyberArk AIM</VAULT_TYPE> 
          <VAULT_ID>25026922</VAULT_ID> 
          <FOLDER><![CDATA[folder]]></FOLDER> 
          <FILE><![CDATA[file]]></FILE> 
        </DIGITAL_VAULT> 
      </PRIVATE_KEY_INFO> 
      <PASSPHRASE_INFO type="basic"> 
        <PASSPHRASE><![CDATA[passphrase]]></PASSPHRASE> 
      </PASSPHRASE_INFO> 
    </PRIVATE_KEY_CERTIFICATE> 
    <PRIVATE_KEY_CERTIFICATE> 
      <PRIVATE_KEY_INFO type="basic"> 
        <PRIVATE_KEY type="rsa"> 
<![CDATA[-----BEGIN RSA PRIVATE KEY----- 
Proc-Type: 4,ENCRYPTED 
DEK-Info: AES-128-CBC,... 
... 
-----END RSA PRIVATE KEY-----]]></PRIVATE_KEY> 
      </PRIVATE_KEY_INFO> 
      <PASSPHRASE_INFO type="vault"> 
        <DIGITAL_VAULT> 
          <VAULT_USERNAME><![CDATA[...]]></VAULT_USERNAME> 
          <VAULT_TYPE>Quest Vault</VAULT_TYPE> 
          <VAULT_ID>35046922</VAULT_ID> 
          <SYSTEM_NAME><![CDATA[quest system name]]></SYSTEM_NAME> 
        </DIGITAL_VAULT> 
      </PASSPHRASE_INFO> 
      <CERTIFICATE type="openssh"> 
<![CDATA[ssh-rsa-cert-v01@openssh.com ...]]> 
      </CERTIFICATE> 
    </PRIVATE_KEY_CERTIFICATE> 
    <PRIVATE_KEY_CERTIFICATE> 
      <PRIVATE_KEY_INFO type="basic"> 
        <PRIVATE_KEY type="rsa"> 
<![CDATA[-----BEGIN OPENSSH PRIVATE KEY----- 
... 
-----END OPENSSH PRIVATE KEY-----]]></PRIVATE_KEY> 
      </PRIVATE_KEY_INFO> 
    </PRIVATE_KEY_CERTIFICATE> 
  </PRIVATE_KEY_CERTIFICATES> 
</UNIX_AUTH_PARAMS> 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2018-04-18T18:54:36Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>12333</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Create Unix Record with target type set to HP_COMWARE 
Provide a target type while creating or updating the Unix (SSH2) authentication record. 


API request: 
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=create&title=ux-target-type&username=root&ips=10.11.42.114&login_type=basic&password=root&target_type=HP_COMWARE" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2020-05-26T21:17:17Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>149016</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Create Unix Record with Tags 
In this sample, a new Unix record is created with asset_type=ip_range_tag_rule. 


API request: 


curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=create&title=unix&username=root&asset_type=ip_range_tag_rule&tags_include=7515612&tag_include_selector=all&tags_exclude=7514462&tag_exclude_selector=all" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2021-03-08T22:00:50Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>204020</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Update Unix auth record with target type CISCO_ASA_WITH_FIREPOWE 


API request: 
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=update&ids=149016&target_type=CISCO_ASA_WITH_FIREPOWE" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2020-05-26T21:34:18Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Updated</TEXT> 
        <ID_SET> 
          <ID>149016</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 
Sample - List Unix auth record to view updated target type 


API request: 
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=list&ids=149016" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE AUTH_UNIX_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/auth_unix_list_output.dtd"> 
<AUTH_UNIX_LIST_OUTPUT> 
  <RESPONSE> 
    <DATETIME>2020-05-26T21:35:23Z</DATETIME> 
    <AUTH_UNIX_LIST> 
      <AUTH_UNIX> 
        <ID>149016</ID> 
        <TITLE> 
          <![CDATA[ux-target-type]]> 
        </TITLE> 
        <USERNAME> 
          <![CDATA[root]]> 
        </USERNAME> 
        <SKIP_PASSWORD>0</SKIP_PASSWORD> 
        <CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD> 
        <TARGET_TYPE> 
          <![CDATA[Cisco Adaptive Security Appliance with FirePower]]> 
        </TARGET_TYPE> 
        <IP_SET> 
          <IP>10.11.42.114</IP> 
        </IP_SET> 
        <NETWORK_ID>0</NETWORK_ID> 
        <CREATED> 
          <DATETIME>2020-05-26T21:17:17Z</DATETIME> 
          <BY>username</BY> 
        </CREATED> 
        <LAST_MODIFIED> 
          <DATETIME>2020-05-26T21:34:18Z</DATETIME> 
        </LAST_MODIFIED> 
      </AUTH_UNIX> 
    </AUTH_UNIX_LIST> 
  </RESPONSE> 
</AUTH_UNIX_LIST_OUTPUT> 




More Samples 
Qualys API - Unix Authentication API samples (GitHub) 


DTDs for auth type “unix” 
<platform API server>/api/2.0/batch_return.dtd 
<platform API server>/api/2.0/fo/auth/unix/auth_unix_list_output.dtd 


For Unix type record type only, root delegation tools and private-key certificates are 
specified using the unix_auth_params.dtd here 


<platform API server>/api/2.0/fo/auth/unix/unix_auth_params.dtd 
Network SSH Record 
/api/2.0/fo/auth/network_ssh/ 
[POST] 


Network SSH authentication is supported for vulnerability and compliance scans. The 
new Network SSH API (/api/2.0/fo/auth/network_ssh/) lets you list, create, update and 
delete Network SSH authentication records. This authentication supports SSH2 format. 


Network SSH authentication record can be used in place of the Cisco and Checkpoint 
Firewall authentication records. This authentication record has all the same functionality 
as the Cisco and Checkpoint Firewall records and additional support for target_type field 
similar to Unix authentication record. 


Network SSH authentication records support the password and password2 fields with 
vaults. The password2 field is similar to the expert_password field (for Checkpoint Firewall 
sub-type) and the enable_password field (for Cisco sub-type). 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 


id={value} (Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} (Required to create record) A title for the record. The title 
must be unique. Maximum 255 characters (ascii). 


comments={value} (Optional to create or update record) User defined 
comments. Maximum of 1999 characters. 


port={value} (Optional) The port the database name is running on. 


target_type={value} (Optional) Specify the target type. 


username={value} (Required for create request) The username of the account 
to be used for authentication. If password is specified this 
is the username of a Network SSH account. If 
login_type=vault is specified, this is the username of a 
vault account. Maximum 255 characters (ascii). 


password={value} (Optional) The password of the Network SSH account to be 
used for authentication. Maximum 100 characters (ascii). 


cleartext_password={0|1} 


(Optional) When not specified, the scanning engine only 
uses strong password encryption for remote login. Specify 
1 to allow your password to be transmitted in clear text 
when connecting to services which do not support strong 
password encryption. For more info, search for “Clear Text 
Password” in online help. 


For a create request, if cleartext_password=1, the password 
parameter is required. For an update request, if 
cleartext_password=1, and the record does not have a 
password set, then cleartext_password=1 is “silently 
ignored”. 


password2={value} 


(Optional) This password2 field is similar to existing 
expert_password field (for Checkpoint Firewall sub-type) 
and enable_password field (for Cisco sub-type). 


For Checkpoint Firewall: The password required for 
executing the “expert” command on the target hosts. The 
password may include 1-31 characters (ascii). 


For Cisco: The password required for executing the 
“enable” command on the target hosts. The password may 
include 1-31 characters (ascii). 


login_type={value} 


(Optional) Login type can be basic (default) or vault. Set to 
vault if a third party vault will be used to retrieve the 
password. Vault parameters need to be provided in the 
record. See “Vault Definition” in the API user guide. 


vault_id={value} 


(Required if login_type=vault) The ID of the vault to be 
used to retrieve the password for login. 


vault_type={value} 


(Required if login_type=vault) The third party vault to be 
used to retrieve the password for login. Certain vaults 

support this capability. See “Vault Support Matrix” in the 
API user guide. 


p2_login_type={value} 


(Optional) p2 Login type can be basic (default) or vault. Set 
to vault if a third party vault will be used to retrieve the 
password. Vault parameters need to be provided in the 
record. See “Vault Definition” in the API user guide. 


p2_<vault parameters>={value} 


(Optional) If p2_login_type is vault then all vault parameter 
fields must be added with prefix 'p2_' 


For example, p2_vault_type, p2_vault_id. 


Vault specific parameters required depend on the vault 
type you've selected. See “Vault Definition” in the API user 
guide. 
ips={value} (Required to create record) The IP address(es) for the 
targets you want to authenticate to. Multiple entries are 
comma separated. 


(Optional to update record) IPs specified will overwrite 
existing IPs in the record, and existing IPs will be removed. 


An IP added to the Network SSH authentication record 
cannot be added to Unix, Cisco or Checkpoint authentication 
records. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


{XML File} (Optional) XML file where you define private-key 
certificates. 
These are defined using this DTD: 
<platform API server>/api/2.0/fo/auth/network_ssh/network_ssh_auth_params.dtd 


Sample - Create Network SSH Authentication Record 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -q \
"https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/?action=create&username=abc&title=all&ips=10.10.110.12&password=abc&port=270,17,122&cleartext_password=1&target_type=A10&password2=1234" 


API request using xml file: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -q \
"https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/?action=create&username=abc&title=new%201&ips=10.10.110.12&password=abc&comments=new%20auth%20record&port=270,17,122&cleartext_password=1&target_type=A10&p2_login_type=vault&p2_vault_type=Thycotic%20Secret%20Server&p2_vault_id=41014&p2_secret_name=sc_name&password2=1234&login_type=vault&vault_type=Thycotic%20Secret%20Server&vault_id=41014&secret_name=bder&details=All" \
--data-binary @add_params.xml 


Content of add_params.xml 


<?xml version="1.0" encoding="UTF-8" ?> 
<NETWORK_SSH_AUTH_PARAMS> 
  <PRIVATE_KEY_CERTIFICATES> 
    <PRIVATE_KEY_CERTIFICATE> 
      <PRIVATE_KEY_INFO type="vault"> 
        <DIGITAL_VAULT> 
          <VAULT_TYPE>CA PAM</VAULT_TYPE> 
          <VAULT_ID>41022</VAULT_ID> 
          <VAULT_DEVICE_NAME>hq device</VAULT_DEVICE_NAME> 
          <VAULT_APP_NAME>APP NAME</VAULT_APP_NAME> 
        </DIGITAL_VAULT> 
      </PRIVATE_KEY_INFO> 
      <PASSPHRASE_INFO type="vault"> 
        <DIGITAL_VAULT> 
          <VAULT_TYPE>CA PAM</VAULT_TYPE> 
          <VAULT_ID>41022</VAULT_ID> 
          <VAULT_DEVICE_NAME>hq device</VAULT_DEVICE_NAME> 
          <VAULT_APP_NAME>APP NAME</VAULT_APP_NAME> 
        </DIGITAL_VAULT> 
      </PASSPHRASE_INFO> 
    </PRIVATE_KEY_CERTIFICATE> 
  </PRIVATE_KEY_CERTIFICATES> 
</NETWORK_SSH_AUTH_PARAMS> 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "http://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2021-04-21T06:34:05Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Created</TEXT> 
        <ID_SET> 
          <ID>102451</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Update Network SSH Authentication Record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
-d "username=abc&password2=1234&action=update&ids=102419" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "http://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2021-04-21T06:37:07Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Updated</TEXT> 
        <ID_SET> 
          <ID>102419</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


Sample - Delete Network SSH Records 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
-d "action=delete&ids=4474043" \
"https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
  <RESPONSE> 
    <DATETIME>2021-01-12T14:48:56Z</DATETIME> 
    <BATCH_LIST> 
      <BATCH> 
        <TEXT>Successfully Deleted</TEXT> 
        <ID_SET> 
          <ID>4474043</ID> 
        </ID_SET> 
      </BATCH> 
    </BATCH_LIST> 
  </RESPONSE> 
</BATCH_RETURN> 


DTDs for auth type “network_ssh” 


<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/network_ssh/dtd/auth_list_output.dtd 


Private-key certificates are specified using the network_ssh_auth_params.dtd here 


<platform API server>/api/2.0/fo/auth/network_ssh/network_ssh_auth_params.dtd 
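

The create, update and delete samples return a BATCH_RETURN document that lists the record IDs acted on. The following Python example is added here and is not part of the Qualys guide: it expands an ids value and compares it with the IDs a response acknowledges, so a script can detect records that were not changed. Function names, the MAX_IDS cap and the sample response are constructed for illustration, and only the elements shown in this guide's samples are read.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the BATCH_RETURN outputs in this guide:
# the response acknowledges two record IDs.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-01-12T14:48:56Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID>4474043</ID>
          <ID>4474044</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>"""

MAX_IDS = 10000  # hypothetical cap so a typo such as "1-999999999" is rejected


def expand_ids(spec):
    """Expand an ids value such as '1359-1361,1400' into a sorted list of ints."""
    ids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        first, dash, last = part.partition("-")
        low = int(first)
        high = int(last) if dash else low
        if low > high:
            raise ValueError(f"range {part!r} is reversed")
        if len(ids) + (high - low + 1) > MAX_IDS:
            raise ValueError(f"ids value expands to more than {MAX_IDS} records")
        ids.update(range(low, high + 1))
    return sorted(ids)


def parse_batch_return(xml_text):
    """Return [(text, [ids])] for every BATCH in a BATCH_RETURN document."""
    # ElementTree does not fetch the external DTD named in the DOCTYPE.
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    if root.tag != "BATCH_RETURN":
        raise ValueError(f"unexpected root element {root.tag!r}")
    batches = []
    for batch in root.iterfind("./RESPONSE/BATCH_LIST/BATCH"):
        text = (batch.findtext("TEXT") or "").strip()
        ids = [int(el.text) for el in batch.iterfind("./ID_SET/ID")]
        batches.append((text, ids))
    return batches


def unacknowledged(ids_spec, xml_text, expected_text):
    """Return requested IDs that no batch with expected_text reports."""
    requested = set(expand_ids(ids_spec))
    done = set()
    for text, ids in parse_batch_return(xml_text):
        if text == expected_text:
            done.update(ids)
    return sorted(requested - done)


if __name__ == "__main__":
    missing = unacknowledged("4474043-4474045", SAMPLE_RESPONSE, "Successfully Deleted")
    print("not acknowledged:", missing)
```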
VMware Record
/api/2.0/fo/auth/vmware/ 
[POST] 


Create, update, list and delete VMware records for authenticating to vSphere components 
running vSphere v4.x and 5.x. Vulnerability and compliance scans are supported (using 
VM, PC). 


How it works - The VMware record allows for connections to the vSphere API for vSphere 
5.x and 4.x. The vSphere API is a SOAP API used by all vSphere components, including 
VMware ESXi, VMware ESX, VMware vCenter Server, and the VMware vCenter Server 
Appliance. By default, the API connection occurs over an encrypted SSL web services 
connection on port 443. 


Input Parameters 


Parameter Description 


action={action} (Required) Specify create, update, delete (using POST) or 
list (using GET or POST). 


echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 


ids={value} (Required to update or delete record) Record IDs to 
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} (Required to create record) A title for the record. The title 
must be unique. Maximum 255 characters (ascii). 


comments={value} (Optional to create or update record) User defined 
comments. Maximum of 1999 characters. 


Login credentials 


username={value} (Required to create record, optional to update record) The 
user name for a VMware account. A maximum of 13 
characters (ascii) may be specified. 


password={value} (To create record password or login_type=vault is required) 
The password for a VMware account. Maximum 100 
characters (ascii). 


login_type={basic|vault|vcenter} (To create record password or login_type=vault is required)
Set to vault if a third party vault will be used to retrieve
password. Vault parameters need to be provided in the
record. See Vault Definition
Set to “vcenter” to scan ESXi hosts through vCenter. The
VMware record will include your ESXi IP addresses. You
also need a vCenter authentication record with the
vCenter IP addresses that map to your ESXi hosts.


port={value} 


(Optional) The service communicates with ESXi web 
services on port 443 and another port can be configured. 
When unspecified, port 443 is used. 


hosts={value} 


(Optional) A list of FQDNs for the hosts that correspond to 
all ESXi host IP addresses on which a custom SSL 

certificate signed by a trusted root CA is installed. Multiple 
hosts are comma separated. 


ssl_verify={value} 


(Optional) Specify “all” for a complete SSL certificate 
validation. Specify “skip” if the host SSL certificate is self- 
signed or uses an SSL certificate signed by a custom root 
CA. Specify “none” for no SSL verification. 


is_disconnect={0|1} 


(Optional) Specify 0 (the default) if the ESXi hosts are not 
disconnected. Specify 1 if the ESXi hosts are disconnected 
and you don’t want to send any traffic to the ESXi hosts. 


Note: is_disconnected=1 is only valid when 
login_type=vcenter 


Target Hosts 


ips={value} 


(Required to create record) The IP address(es) the server 
will log into using the record’s credentials. Multiple entries 
are comma separated. 


(Optional to update record) IPs specified will overwrite 
existing IPs in the record, and existing IPs will be removed. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


add_ips={value} 


(Optional to update record) Add IPs and/or ranges to the 
IPs list for this record. Multiple IPs/ranges are comma 
separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


remove_ips={value} 


(Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges. 
Multiple entries are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


network_id={value} 


(Optional to create or update record, and valid when the 
networks feature is enabled) The network ID for the record. 


Sample - Create VMware record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d
"action=create&title=NewVMwareRecordWithAPI&username=USERNAME&password=PASSWORD&ips=10.10.10.2-10.10.10.4"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/" >
apiOutputCreateVMwareRecord.txt


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-02-13T21:16:41Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>30486</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update VMware record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d
"action=update&ids=1344232&is_disconnect=1"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2021-11-03T12:19:41Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>1344232</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - List VMware record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X "POST" -d
"action=list&details=All"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/"


XML output: 
<?xml version=""1.0"" encoding=""UTF-8"" ?> 
<!DOCTYPE AUTH VMWARE LIST OUTPUT SYSTEM 


"htt 
LSE." 
<AUT 

<R 


ps://qualysapi.qualys.com/api/2.0/fo/auth/vmware/auth vmware 1 


output.dtd"> 
H VMWARE LIST OUT 
ESPONSE> 
<DATETIME>2021-11 
<AUTH VMWARE LIST 


<AUTH_ VMWARE> 
<ID>409187</I 


Gl 


<TITLE><! [CDATA[VMware Basic] ]></TITLI 


<USERNAME><! [ 
<PORT>443</PO 


PUT> 


-22T07:32:212</DATETIME 


> 


D> 


CDATA [root] ]></USERNAM 


E> 


RT> 


<SSL_VERIFY><! [CDATA[skip]]></SSL VER 


<IP_SET> 
0.20.3 


A 
H 
g 
V 
J = 


<LOGIN TYPE>< 
ETWORK_ ID>0 


BY>joe_use 


<AUTH_VMWARE> 
<ID>1344231</ 


<TITLE><! [CDATA[VMware Disconnected Disabled] ]></TITL 


<PORT>443</PO 
<IP_SET> 

<I PP 1.0, Ae Tok 
</IP_SET> 


0.40</IP> 


! [CDATA [basic] ]></LOGIN TYP 


</NETWORK_ID> 


ea) 
V 


IFY> 


ETIME 


r</BY> 


R 
<DATETIME>2020-01-23T07:55:132Z</DAT 
< 
C 


ED> 
020-01-23T07:55:13Z</DAT 


ETIME 


ED> 


ID> 


RT> 


2.13</IP> 
<LOGIN_TYPE><![CDATA[vcenter]]></LOGIN_TYPE>
<DISCONNECTED_ESXI>0</DISCONNECTED_ESXI>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2021-11-03T12:09:53Z</DATETIME>
<BY>joe_user</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2021-11-10T13:11:23Z</DATETIME>
</LAST_MODIFIED>
</AUTH_VMWARE>
<AUTH_VMWARE>
<ID>1344232</ID>
<TITLE><![CDATA[VMware Disconnected Enabled]]></TITLE>
<PORT>443</PORT>
<IP_SET>
<IP>8.9.10.11</IP>
</IP_SET>
<LOGIN_TYPE><![CDATA[vcenter]]></LOGIN_TYPE>
<DISCONNECTED_ESXI>1</DISCONNECTED_ESXI>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2021-11-03T12:16:36Z</DATETIME>
<BY>joe_user</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2021-11-10T13:10:17Z</DATETIME>
</LAST_MODIFIED>
</AUTH_VMWARE>
</AUTH_VMWARE_LIST>
<GLOSSARY>
<USER_LIST>
<USER>
<USER_LOGIN>joe_user</USER_LOGIN>
<FIRST_NAME>Joe</FIRST_NAME>
<LAST_NAME>User</LAST_NAME>
</USER>
</USER_LIST>
</GLOSSARY>
</RESPONSE>
</AUTH_VMWARE_LIST_OUTPUT>


DTDs for auth type “vmware” 
<platform API server>/api/2.0/batch_return.dtd


<platform API server>/api/2.0/fo/auth/vmware/auth_vmware_list_output.dtd 
/api/2.0/fo/auth/windows/


[POST] 


Create, update, list and delete Windows records for authenticating to Windows systems. 
Vulnerability and Compliance scans are supported (using VM, PC). 


Download Qualys User Guide - Windows Authentication (.pdf) 


Input Parameters 


Parameter 


Description 


action={action} 


(Required) Specify create, update, delete (using POST) or 
list (using GET or POST).


echo_request={0|1} 


(Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included. 


ids={value} 


(Required to update or delete record) Record IDs to
update/delete. Specify record IDs and/or ID ranges (for 
example, 1359-1407). Multiple entries are comma 
separated. 


title={value} 


(Required to create record) A title for the record. The title
must be unique. Maximum 255 characters (ascii). 


comments={value} 


(Optional to create or update record) User defined 
comments. Maximum of 1999 characters. 


use_agentless_tracking={0|1}


(Optional to create or update record) Specify 1 to enable 
Agentless Tracking. 


Login credentials 


username={value} 


(Required to create record, optional to update record) The 
username for the Windows account to be used for 
authentication on target hosts. The username may include 
1-31 characters (ascii). 


password={value} 


(To create record password or login_type=vault is required) 
The password of the Windows account to be used for 
authentication. Maximum 100 characters (ascii). 


login_type={basic|vault} 


(To create record password or login_type=vault is required) 
Set to vault if a third party vault will be used to retrieve 
password. Vault parameters need to be provided in the 
record. See Vault Definition 


windows_ad_domain={value}


(Optional) The Windows Active Directory domain name for
domain level authentication. When specified, we'll use an
Active Directory forest to authenticate to hosts in a certain
domain within the framework. You'll need to enter a Fully
Qualified Domain Name (FQDN). See Windows Domains


This parameter and the windows_domain parameter 
cannot be specified in the same request. 


This parameter and the ips parameter cannot be specified 
in the same request. 


windows_domain={value} 


(Optional) The Windows NetBIOS domain name for domain 
level authentication. See Windows Domains 


This parameter and the windows_ad_domain parameter 
cannot be specified in the same request. 


When the ips parameter is also specified, the domain type 
is NetBIOS, User-Selected IPs. We’ll use NetBIOS to 
authenticate to the IPs in the domain configuration. 


When the ips parameter is not specified, the domain type 
is NetBIOS, Service-Selected IPs. We’ll use NetBIOS to 
authenticate to hosts in the domain using credentials 
stored on the domain. 


ntlm={0|1} 


(Optional) When not specified, NTLM authentication is
enabled allowing the scanning engine to try the NTLM 
authentication protocol when negotiating authentication 
to target hosts. Specify ntlm=0 if you do not want the 
NTLM authentication protocol attempted for the hosts 
defined in the Windows record. This may be the case if the 
target hosts are running a version of Windows that 
supports a more secure authentication protocol like 
Kerberos. When NTLM authentication is disabled, it will 
not be attempted even if other methods like NTLMSSP and 
Kerberos fail. 


Target Hosts 


ips={value} 


(Required to create record) The IP address(es) the server 
will log into using the record’s credentials. Multiple entries 
are comma separated. 


(Optional to update record) IPs specified will overwrite 
existing IPs in the record, and existing IPs will be removed. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


add_ips={value} 


(Optional to update record) Add IPs and/or ranges to the IPs 
list for this record. Multiple IPs/ranges are comma 
separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


remove_ips={value} 


(Optional to update record) IPs to be removed from your
record. You may enter a combination of IPs and ranges. 
Multiple entries are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


network_id={value} 


(Optional to create or update record, and valid when the 
networks feature is enabled) The network ID for the record. 


Target Hosts with Tag Support


Note: Applicable only when you have Asset Tagging and 
Tag Support for Authentication Records enabled for your 
subscription. 


asset_type={ips|asset_tags|ip_range_tag_rule}


(Optional) Indicates how assets will be defined in the
record. Valid values are ips (the default), asset_tags,
ip_range_tag_rule. When not specified, we'll use
asset_type=ips


ips - Specify this value to assign IP addresses/ranges to the 
record. 


asset_tags - Specify this value to add tags to the record for 
the assets you want included. IP addresses with the 
selected tags already assigned will be associated with the 
record. 


ip_range_tag_rule - Specify this value to add tags that have
IP address ranges defined in the tag rule. All IP addresses 
defined in the tag rule will be associated with the record, 
including IPs that don’t already have the tag assigned. 


tag_set_by={id|name}


(Optional when asset_type=asset_tags or
ip_range_tag_rule) Specify “id” (the default) to select a tag
set by providing tag IDs. Specify “name” to select a tag set
by providing tag names.


tags_include={tag1,tag2,...}


(Required when asset_type=asset_tags or
ip_range_tag_rule)

Specify a tag set to include in the record. Hosts that match 
these tags will be included. You identify the tag set by 
providing tag name or IDs. Multiple entries are comma 
separated. To specify tag names, you must also specify 
tag_set_by=name. 
tags_exclude={tag1,tag2,...}


(Optional when asset_type=asset_tags or 
ip_range_tag_rule) 

Specify a tag set to exclude from the record. Hosts that 
match these tags will be excluded. You identify the tag set 
by providing tag name or IDs. Multiple entries are comma 
separated. To specify tag names, you must also specify 
tag_set_by=name. 


tag_include_selector={any|all}


(Optional when asset_type=asset_tags or
ip_range_tag_rule) Select “any” (the default) to include 

hosts that match at least one of the selected tags. Select 
“all” to include hosts that match all of the selected tags. 


tag_exclude_selector={any| 
all} 


(Optional when asset_type=asset_tags or
ip_range_tag_rule) Select “any” (the default) to exclude 

hosts that match at least one of the selected tags. Select 
“all” to exclude hosts that match all of the selected tags. 


ips={value} 


(Required to create record when asset_type=ips or
asset_type is not specified) The IP address(es) the server 
will log into using the record’s credentials. Multiple entries 
are comma separated. 


(Optional to update record when asset_type=ips) IPs 
specified will overwrite existing IPs in the record, and 
existing IPs will be removed. 


This parameter and the add_ips parameter or the 
remove_ips parameter cannot be specified in the same 
request. 


add_ips={value} 


(Optional to update record when asset_type=ips) Add IPs 
and/or ranges to the IPs list for this record. Multiple 
IPs/ranges are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


remove_ips={value} 


(Optional to update record when asset_type=ips) IPs to be 
removed from your record. You may enter a combination of 
IPs and ranges. Multiple entries are comma separated. 


This parameter and the ips parameter cannot be specified 
in the same request. 


Protocols 


For Windows domain level authentication, all three authentication protocols are 
supported. 

Kerberos and NTLMv2 are enabled by default in new records. If NTLM was enabled in 
a record prior to this release, then NTLMv1 is enabled. 


For Windows local host level authentication, NTLMv2 and NTLMv1 protocols are 
supported. 

NTLMv2 is enabled by default in new records. If NTLM was enabled in a record prior 
to this release, then NTLMv1 is enabled. 


kerberos={0|1} (Optional) When not specified, Kerberos is enabled 
allowing the scanning engine to try Kerberos when 
negotiating authentication to target hosts. Specify 
kerberos=0 if you do not want Kerberos attempted. 


Kerberos is supported for domain authentication only. 
When kerberos=1 you must define a domain name for 
Windows Active Directory (windows_ad_domain) or 

NetBIOS (windows_domain) for the record. 


ntlmv2={0|1} (Optional) When not specified for a new record, NTLMv2 is
enabled allowing the scanning engine to try NTLMv2 when 
negotiating authentication to target hosts. Specify 
ntlmv2=0 if you do not want NTLMv2 attempted. 


ntlm={0|1} (Optional) When not specified, NTLMv1 will not be
attempted. Specify ntlm=1 to allow the scanning engine to
try NTLMv1 when negotiating authentication to target
hosts. 


SMB signing 


SMB Signing option is disabled by default, meaning SMB signing is not required. This
is the recommended setting. When disabled, we can authenticate to any Windows
version regardless of how SMB signing is configured on the target. You are not
protected, however, against man-in-the-middle (MITM) attacks.


require_smb_signing={0|1} (Optional) Set to 0 (default) when SMB signing is not
required. 


Set value to 1 to require SMB signing. Should I require SMB 
signing? The answer is No in most cases. If you enable this 
option in your record, we will require each Windows target 
to support SMB signing. If SMB signing is disabled on a 
target host, authentication will fail and the host will not be 
scanned. This option protects against MITM attacks but we 
won't be able to authenticate to some hosts. 


minimum_smb_version={value} (Optional) The minimum SMB protocol version. Valid
values are: 1, 2.0.2, 2.1, 3.0, 3.0.2, 3.1.1, and “” (empty string
means no version set).
Windows Domains
- Supported domain types: Active Directory, NetBIOS User-Selected IPs, NetBIOS Service- 
Selected IPs. 


- Authentication is performed at the local host level when a domain name is not defined 
for Active Directory (windows_ad_domain) or NetBIOS (windows_domain). 


- Once a Windows record is saved, you cannot change the domain type from Active 
Directory to NetBIOS or from NetBIOS to Active Directory. 
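

The parameter table above contains several combination rules (parameters that cannot share a request, kerberos=1 needing a domain, the allowed minimum_smb_version values) plus two settings the guide itself describes as weaker (NTLMv1 via ntlm=1, and SMB signing not required). The following Python pre-flight check is an added example, not Qualys code: it applies only rules stated in this section before a request is sent, and its function names are hypothetical.

```python
SMB_VERSIONS = {"1", "2.0.2", "2.1", "3.0", "3.0.2", "3.1.1", ""}
TAG_ASSET_TYPES = {"asset_tags", "ip_range_tag_rule"}
MAX_LEN = {"title": 255, "comments": 1999, "username": 31, "password": 100}
# Pairs the parameter table says cannot be specified in the same request.
EXCLUSIVE = [
    ("ips", "add_ips"),
    ("ips", "remove_ips"),
    ("windows_ad_domain", "windows_domain"),
    ("windows_ad_domain", "ips"),
]


def domain_type(params):
    """Name the domain type the guide assigns to this parameter combination."""
    if "windows_ad_domain" in params:
        return "Active Directory"
    if "windows_domain" in params:
        if "ips" in params:
            return "NetBIOS, User-Selected IPs"
        return "NetBIOS, Service-Selected IPs"
    return "local host"


def check_windows_record(params):
    """Return (errors, warnings) for a Windows record request parameter dict."""
    errors, warnings = [], []
    action = params.get("action")

    if action not in ("create", "update", "delete", "list"):
        errors.append("action must be create, update, delete or list")
    if action in ("update", "delete") and "ids" not in params:
        errors.append("ids is required to update or delete a record")
    if action == "create":
        for name in ("title", "username"):
            if name not in params:
                errors.append(f"{name} is required to create a record")
        if "password" not in params and params.get("login_type") != "vault":
            errors.append("password or login_type=vault is required to create a record")

    for name, limit in MAX_LEN.items():
        if len(params.get(name, "")) > limit:
            errors.append(f"{name} exceeds {limit} characters")

    for first, second in EXCLUSIVE:
        if first in params and second in params:
            errors.append(f"{first} and {second} cannot be specified in the same request")

    # Kerberos is supported for domain authentication only.
    if params.get("kerberos") == "1" and domain_type(params) == "local host":
        errors.append("kerberos=1 requires windows_ad_domain or windows_domain")

    if params.get("minimum_smb_version", "") not in SMB_VERSIONS:
        errors.append("minimum_smb_version is not one of the valid values")

    asset_type = params.get("asset_type", "ips")
    if asset_type not in TAG_ASSET_TYPES | {"ips"}:
        errors.append("asset_type must be ips, asset_tags or ip_range_tag_rule")
    elif asset_type in TAG_ASSET_TYPES and "tags_include" not in params:
        errors.append("tags_include is required for asset_tags or ip_range_tag_rule")

    # Settings the guide describes as weaker; reported, not rejected.
    if params.get("ntlm") == "1":
        warnings.append("ntlm=1 allows the scanning engine to try NTLMv1")
    if action == "create" and params.get("require_smb_signing", "0") != "1":
        warnings.append("SMB signing not required: no protection against MITM attacks")
    return errors, warnings


if __name__ == "__main__":
    # Constructed request: AD domain and ips together, which the table forbids.
    request = {
        "action": "create", "title": "Windows_AD", "username": "scan_svc",
        "password": "example-only", "windows_ad_domain": "corp.example.com",
        "ips": "10.10.10.200",
    }
    for kind, messages in zip(("error", "warning"), check_windows_record(request)):
        for message in messages:
            print(f"{kind}: {message}")
```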


Sample - Create Windows Record 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=create&title=API_v2_utwrx_mp_Windows&username=User&password=Password&ips=10.10.10.200"
"https://qualysapi.qualys.com/api/2.0/fo/auth/windows/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/windows/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-04-13T21:16:41Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>30486</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Create Windows Record with Tags 
In this sample, a new Windows record is created with asset_type=asset_tags. 


API request: 


curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD"
"https://qualysapi.qualys.com/api/2.0/fo/auth/windows/?action=create&title=windows&username=root&asset_type=asset_tags&tags_include=agl&tag_include_selector=all&tags_exclude=ag20&tag_set_by=name&tag_exclude_selector=all"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2021-03-11T00:45:31Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>204027</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - List windows records


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=list&ids=1310338&details=All"
"https://qualysapi.qualys.com/api/2.0/fo/auth/windows/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_WINDOWS_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/windows/auth_windows_list_output.dtd">
<AUTH_WINDOWS_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-04-30T09:29:45Z</DATETIME>
<AUTH_WINDOWS_LIST>
<AUTH_WINDOWS>
<ID>1310338</ID>
<TITLE><![CDATA[Windows Record 1]]></TITLE>
<USERNAME><![CDATA[acme_jd]]></USERNAME>
<IP_SET>
<IP>10.10.10.202</IP>
</IP_SET>
<CREATED>
<DATETIME>2018-04-30T09:28:00Z</DATETIME>
<BY>acme_jd</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2018-04-30T09:28:43Z</DATETIME>
</LAST_MODIFIED>
<COMMENTS><![CDATA[My comments on Windows Record 1]]></COMMENTS>
</AUTH_WINDOWS>
</AUTH_WINDOWS_LIST>
<GLOSSARY>
<USER_LIST>
<USER>
<USER_LOGIN>acme_jd</USER_LOGIN>
<FIRST_NAME>John</FIRST_NAME>
<LAST_NAME>Doe</LAST_NAME>
</USER>
</USER_LIST>
</GLOSSARY>
</RESPONSE>
</AUTH_WINDOWS_LIST_OUTPUT>


DTDs for auth type “windows” 
<platform API server>/api/2.0/batch_return.dtd 


<platform API server>/api/2.0/fo/auth/windows/auth_windows_list_output.dtd 
Create, update, list and delete Oracle HTTP Server records for authenticating to Unix and
Windows systems. Vulnerability and Compliance scans are supported (using VM, PC). User
permissions for this API are the same as other authentication record APIs. Note that the
API supports authentication record creation only for Oracle Server installed on respective
OS - Unix or Windows.


Input parameters


Parameter

Description


title={value}

(Required to create record) A title for the record. The title must
be unique. Maximum 255 characters (ascii).


network_id={value}

(Optional and valid when the networks feature is enabled) The
network ID for the record.


add_ips={value}

(Optional to update record) Add IPs to the IPs list for this
record. Multiple IPs/ranges are comma separated.


comments={value}

(Optional to create or update record) User defined comments.
Maximum of 1999 characters.


action={action}

(Required) Specify create, update, delete (using POST) or list
(using GET or POST).


ips={value}

(Required to create record) The IP address(es) the server will
log into using the record’s credentials. Multiple entries are
comma separated.

(Optional to update record) IPs specified will overwrite existing
IPs in the record, and existing IPs will be removed.


ids={value}

(Required to update or delete record) Record Oracle HTTP type
auth record IDs to update. Specify record IDs and/or ID ranges
(for example, 1359-1407). Multiple entries are comma separated.


Unix Configuration


unix_home_path={value}

(Required to create or update record if Unix working mode is
selected) The root directory path for Oracle HTTP Server.
Maximum of 255 characters.


unix_domain_path={value}

(Required to create or update record if Unix working mode is
selected for Oracle HTTP Server 12c and higher) Absolute path
to the top level directory where domains are configured.
Maximum of 255 characters.


unix_inst_path={value}

(Required to create or update record if Unix working mode is
selected for Oracle HTTP Server 11g) Absolute path to the top
level directory where instances are configured. Maximum of
255 characters.


unix_inst_name={value}

(Optional) The Oracle HTTP server instance name. Maximum
of 4000 characters.


Windows Configuration


windows_home_path={value}

(Required to create or update record if Windows working mode
is selected) The home directory path. Maximum of 255
characters.


windows_domain_path={value}

(Required to create or update record if Windows working mode
is selected for Oracle HTTP Server 12c and higher) Absolute
path to the top level directory where domains are configured.
Maximum of 255 characters.


windows_inst_path={value}

(Required to create or update record if Windows working mode
is selected for Oracle HTTP Server 11g) Absolute path to the
top level directory where instances are configured. Maximum
of 255 characters.


windows_inst_name={value}

(Optional) The Oracle HTTP server instance name. Maximum
of 4000 characters.


Sample - Create Oracle HTTP Server 11g Record(s) on Unix 


API request: 


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=create&title=Oracle HTTP Unix server 11&unix_home_path=/opt/Oracle/Middleware/Oracle_WT1&unix_inst_path=/opt/Oracle/Middleware/Oracle_WT1/instances/instance1&unix_inst_name=ohs1&ips=10.11.70.24"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-10-15T05:51:21Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>1530246</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Create Oracle HTTP Server 11g Record(s) on Windows
API request:


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=create&title=Oracle HTTP Windows server 11&windows_home_path=C:\Middleware\Oracle_WT1&windows_inst_path=C:\Middleware\Oracle_WT1\instances\instance1&windows_inst_name=ohs1&ips=10.11.70.193"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-10-15T05:50:01Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>1530243</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Create Oracle HTTP Server 12c Record(s) on Unix 
API request: 


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=create&title=Oracle HTTP Unix server 12&unix_home_path=/opt/Oracle/Middleware/Oracle_Home&unix_domain_path=/opt/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain&windows_inst_name=ohs1&ips=10.11.70.68"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-10-15T05:45:50Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>1530234</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Create Oracle HTTP Server 12c Record(s) on Windows 


API request: 


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=create&title=Oracle HTTP Windows server 12&windows_home_path=C:\Oracle\Middleware\Oracle_Home&windows_domain_path=C:\Oracle\Middleware\Oracle_Home\user_projects\domains\base_domain&windows_inst_path=C:\Oracle\Middleware\Oracle_Home\instances\instance1&windows_inst_name=ohs1&ips=10.11.70.84"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-10-15T05:48:55Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>1530241</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update Oracle HTTP Server 11g Record(s) on Unix 


API request: 


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=update&ids=1530246&unix_home_path=/opt/Oracle/Middleware/Oracle_WT1&unix_inst_path=/opt/Oracle/Middleware/Oracle_WT1/instances/instance1&unix_inst_name=ohs1&ips=10.11.70.24&comments=ohs unix auth record updated"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-10-15T06:01:38Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>1530246</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update Oracle HTTP Server 11g Record(s) on Windows 
API request: 


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=update&ids=1530243&windows_home_path=C:\Middleware\Oracle_WT1&windows_inst_path=C:\Middleware\Oracle_WT1\instances\instance1&windows_inst_name=ohs1&ips=10.11.70.193&comments=ohs wind auth record updated"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-10-15T06:05:43Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>1530243</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update Oracle HTTP Server 12c Record(s) on Unix 
API request: 


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=update&ids=1530234&unix_home_path=/opt/Oracle/Middleware/Oracle_Home&unix_domain_path=/opt/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain&windows_inst_name=ohs1&ips=10.11.70.68&comments=ohs unix auth record updated"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2019-10-15T06:14:31Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>1530234</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>


Sample - Update Oracle HTTP Server 12c Record(s) on Windows 
API request: 


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=update&ids=1530241&windows_home_path=C:\Oracle\Middleware\Oracle_Home&windows_domain_path=C:\Oracle\Middleware\Oracle_Home\user_projects\domains\base_domain&windows_inst_path=C:\Oracle\Middleware\Oracle_Home\instances\instance1&windows_inst_name=ohs1&ips=10.11.70.84&comments=ohs wind auth record updated"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2019-10-15T06:11:46Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <ID_SET>
          <ID>1530241</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


Sample - List Oracle HTTP Server Records with Basic Details 
API request: 


curl -S -H 'X-Requested-With:curl demo2' -u "USERNAME:PASSWORD" -d
"action=list&details=Basic&ids=1505927"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output: 
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_ORACLE_HTTP_SERVER_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/auth_oracle_http_server_list_output.dtd">
<AUTH_ORACLE_HTTP_SERVER_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2019-10-04T07:28:22Z</DATETIME>
    <AUTH_ORACLE_HTTP_SERVER_LIST>
      <AUTH_ORACLE_HTTP_SERVER>
        <ID>1505927</ID>
        <TITLE><![CDATA[Oracle HTTP Unix server]]></TITLE>
        <IP_SET>
          <IP>10.11.70.24</IP>
        </IP_SET>
        <UNIX>
          <HOME_PATH><![CDATA[/opt/Oracle/Middleware/Oracle_WT1]]></HOME_PATH>
          <DOMAIN_PATH><![CDATA[]]></DOMAIN_PATH>
          <INST_PATH><![CDATA[/opt/Oracle/Middleware/Oracle_WT1/instances/instance1]]></INST_PATH>
          <INST_NAME><![CDATA[ohs1]]></INST_NAME>
        </UNIX>
        <CREATED>
          <DATETIME>2019-10-03T12:24:04Z</DATETIME>
          <BY>john_doe</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2019-10-03T12:24:04Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_ORACLE_HTTP_SERVER>
    </AUTH_ORACLE_HTTP_SERVER_LIST>
  </RESPONSE>
</AUTH_ORACLE_HTTP_SERVER_LIST_OUTPUT>
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the
QualysGuard Service "As Is," without any warranty of any kind.
Qualys makes no warranty that the information contained in this
report is complete or error-free. Copyright 2019, Qualys, Inc. //-->


Sample - List Oracle HTTP Server Records with All Details 


API request: 


curl -S -H 'X-Requested-With:curl demo2' -u "USERNAME:PASSWORD" -d
"action=list&details=All&ids=1505927"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_ORACLE_HTTP_SERVER_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/auth_oracle_http_server_list_output.dtd">
<AUTH_ORACLE_HTTP_SERVER_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2019-10-04T07:29:33Z</DATETIME>
    <AUTH_ORACLE_HTTP_SERVER_LIST>
      <AUTH_ORACLE_HTTP_SERVER>
        <ID>1505927</ID>
        <TITLE><![CDATA[Oracle HTTP Unix server]]></TITLE>
        <IP_SET>
          <IP>10.11.70.24</IP>
        </IP_SET>
        <UNIX>
          <HOME_PATH><![CDATA[/opt/Oracle/Middleware/Oracle_WT1]]></HOME_PATH>
          <DOMAIN_PATH><![CDATA[]]></DOMAIN_PATH>
          <INST_PATH><![CDATA[/opt/Oracle/Middleware/Oracle_WT1/instances/instance1]]></INST_PATH>
          <INST_NAME><![CDATA[ohs1]]></INST_NAME>
        </UNIX>
        <CREATED>
          <DATETIME>2019-10-03T12:24:04Z</DATETIME>
          <BY>john_doe</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2019-10-03T12:24:04Z</DATETIME>
        </LAST_MODIFIED>
      </AUTH_ORACLE_HTTP_SERVER>
    </AUTH_ORACLE_HTTP_SERVER_LIST>
    <GLOSSARY>
      <USER_LIST>
        <USER>
          <USER_LOGIN>john_doe</USER_LOGIN>
          <FIRST_NAME>John</FIRST_NAME>
          <LAST_NAME>Doe</LAST_NAME>
        </USER>
      </USER_LIST>
    </GLOSSARY>
  </RESPONSE>
</AUTH_ORACLE_HTTP_SERVER_LIST_OUTPUT>
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the
QualysGuard Service "As Is," without any warranty of any kind.
Qualys makes no warranty that the information contained in this
report is complete or error-free. Copyright 2019, Qualys, Inc. //-->


Sample - Delete Oracle HTTP Server Record(s) 


API request: 


curl -u "USERNAME:PASSWORD" -S -H 'X-Requested-With:curl demo2' -d
"action=delete&ids=1507609"
"https://qualysapi.qualys.com/api/2.0/fo/auth/oracle_http_server/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2019-10-04T09:19:50Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID>1507609</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>


DTDs for auth type “oracle_http_server”
<platform API server>/api/2.0/fo/auth/auth_records.dtd
<platform API server>/api/2.0/fo/auth/oracle_http_server/auth_oracle_http_server_list_output.dtd


vCenter - ESXi Mapping Records
/api/2.0/fo/auth/vcenter/vcenter_mapping/ 


[POST] 


Input Parameters 


The following table shows input parameters used for listing, importing and purging 
vCenter - ESXi mapping data. 


Parameter / Description


echo_request={0|1}
    (Optional) Specifies whether to echo the request’s input parameters (names
    and values) in the XML output. When not specified, parameters are not
    included in the XML output. Specify 1 to view parameters in the XML output.

action={action}
    (Required) One action (list, import or purge) required for the request.

id_min={value}
    (Optional to list) Used to filter the XML output to show only
    vulnerabilities that have a QID number greater than or equal to a QID
    number you specify.

id_max={value}
    (Optional to list) Used to filter the XML output to show only
    vulnerabilities that have a QID number less than or equal to a QID number
    you specify.

output_format={XML|CSV}
    (Optional to list) Specifies the format of the mapping list output. When
    not specified, the output format is CSV. A valid value is XML or CSV.

truncation_limit={value}
    (Optional to list) Specifies the maximum number of records listed per
    request.

vcenter_ip={value}
    (Optional to list) Specifies the IP address of the vCenter.

esxi_ip={value}
    (Optional to list) Specifies the IP address of the ESXi server.

network_id={1|0}
    (Optional) By default, the parameter is set to 0. If this parameter is not
    provided, it will be Global Default Network.

csv_data={value}
    (Required to import and purge) The CSV data file containing the vCenter -
    ESXi mapping records that you want to add/purge. This parameter or xml_data
    must be specified. The parameters csv_data and xml_data cannot be specified
    in the same request.

xml_data={value}
    (Required to import and purge) The XML data file containing the vCenter -
    ESXi mapping records that you want to add/purge. This parameter or csv_data
    must be specified. The parameters csv_data and xml_data cannot be specified
    in the same request.


Sample - List vCenter - ESXi Mapping in CSV Format
API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl'
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/?action=list"


OR


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl'
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/?action=list&output_format=csv"


CSV output:


----BEGIN_RESPONSE_BODY_CSV
vCenter IP,ESXi IP,Mapping Data Source
"11.11.11.11","30.30.30.23","File"
"10.10.10.10","10.10.10.12","File"
----END_RESPONSE_BODY_CSV
----BEGIN_RESPONSE_FOOTER_CSV
"Status Message"
"Finished"
----END_RESPONSE_FOOTER_CSV


Sample - List vCenter - ESXi Mapping in XML Format 
API request: 


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl'
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/?action=list&output_format=xml"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE VCENTER_ESXI_MAP_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/vcenter_esxi_map_list_output.dtd">
<VCENTER_ESXI_MAP_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2020-05-22T16:49:40Z</DATETIME>
    <VCENTER_ESXI_MAP_LIST>
      <VCENTER_ESXI_MAP>
        <VCENTER_IP>11.11.11.11</VCENTER_IP>
        <ESXI_IP>30.30.30.23</ESXI_IP>
        <MAPPING_DATA_SOURCE>File</MAPPING_DATA_SOURCE>
      </VCENTER_ESXI_MAP>
      <VCENTER_ESXI_MAP>
        <VCENTER_IP>10.10.10.10</VCENTER_IP>
        <ESXI_IP>10.10.10.12</ESXI_IP>
        <MAPPING_DATA_SOURCE>File</MAPPING_DATA_SOURCE>
      </VCENTER_ESXI_MAP>
    </VCENTER_ESXI_MAP_LIST>
  </RESPONSE>
</VCENTER_ESXI_MAP_LIST_OUTPUT>


DTD for vCenter - ESXi Mapping


<platform API server>/api/2.0/fo/auth/vcenter/vcenter_mapping/vcenter_esxi_map_list_output.dtd


Sample - Import vCenter - ESXi Mapping 

You can import vCenter - ESXi mapping data in CSV or XML format. You can
provide the CSV or XML data in the API call or in a file.

CSV Data in API Call


The following sample API request imports the mapping using CSV data in the
API call.


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' --data-binary
"action=import&csv_data=vCenter IP,ESXi IP%0A10.10.10.10,10.10.10.11%0A10.10.10.10,10.10.10.12"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/"


XML Data in API Call 


The following sample API request imports the mapping using XML data in the
API call.


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' --data-binary
"action=import&xml_data=<VCENTER_ESXI_MAP_LIST><VCENTER_ESXI_MAP><VCENTER_IP>11.11.11.11</VCENTER_IP><ESXI_IP>22.22.22.22</ESXI_IP></VCENTER_ESXI_MAP><VCENTER_ESXI_MAP><VCENTER_IP>11.11.11.12</VCENTER_IP><ESXI_IP>22.22.22.23</ESXI_IP></VCENTER_ESXI_MAP></VCENTER_ESXI_MAP_LIST>"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/"


CSV Data in File 


The following sample API request imports the mapping using a file containing
CSV data. In the sample request, add.csv is a CSV data file.


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-with: curl' --data-binary
"@add.csv"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/"


Sample content of add.csv file:


action=import&csv_data=
vCenter IP,ESXi IP
10.10.10.10,20.20.20.20
10.10.10.10,20.20.20.21
10.10.10.10,20.20.20.22
11.11.11.11,30.30.30.23
12.12.12.12,40.40.40.24


XML Data in File


The following sample API request imports the mapping using a file containing
XML data. In the sample request, add.xml is an XML data file.


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-with: curl' --data-binary
"@add.xml"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/"


Sample content of add.xml file:


action=import&xml_data=
<?xml version="1.0" encoding="UTF-8" ?>
<VCENTER_ESXI_MAP_LIST>
  <VCENTER_ESXI_MAP>
    <VCENTER_IP>10.10.10.10</VCENTER_IP>
    <ESXI_IP>20.20.20.21</ESXI_IP>
  </VCENTER_ESXI_MAP>
  <VCENTER_ESXI_MAP>
    <VCENTER_IP>10.10.10.10</VCENTER_IP>
    <ESXI_IP>20.20.20.22</ESXI_IP>
  </VCENTER_ESXI_MAP>
</VCENTER_ESXI_MAP_LIST>


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2020-05-07T10:57:23Z</DATETIME>
    <TEXT>Successfully imported 2 records</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Purge vCenter - ESXi Mapping 


You can purge vCenter - ESXi mapping data in CSV or XML format. You can
provide the CSV or XML data in the API call or in a file.


CSV Data in API Call


The following sample API request purges the mapping using CSV data in the
API call.


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' --data-binary
"action=purge&csv_data=vCenter IP,ESXi IP%0A10.10.10.10,10.10.10.11%0A10.10.10.10,10.10.10.12"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/"


XML Data in API Call


The following sample API request purges the mapping using XML data in the
API call.


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' --data-binary
"action=purge&xml_data=<VCENTER_ESXI_MAP_LIST><VCENTER_ESXI_MAP><VCENTER_IP>11.11.11.11</VCENTER_IP><ESXI_IP>22.22.22.22</ESXI_IP></VCENTER_ESXI_MAP><VCENTER_ESXI_MAP><VCENTER_IP>11.11.11.12</VCENTER_IP><ESXI_IP>22.22.22.23</ESXI_IP></VCENTER_ESXI_MAP></VCENTER_ESXI_MAP_LIST>"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/"


CSV Data in File 


The following sample API request purges the mapping using a file containing
CSV data. In the sample request, purge.csv is a CSV data file.


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-with: curl' --data-binary
"@purge.csv"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/"


Sample content of purge.csv file:


action=purge&csv_data=
vCenter IP,ESXi IP
10.10.10.10,20.20.20.20
10.10.10.10,20.20.20.21
10.10.10.10,20.20.20.22
11.11.11.11,30.30.30.23
12.12.12.12,40.40.40.24


XML Data in File 


The following sample API request purges the mapping using a file containing
XML data. In the sample request, purge.xml is an XML data file.


API request:


curl -u "USERNAME:PASSWORD" -H 'X-Requested-with: curl' --data-binary
"@purge.xml"
"https://qualysapi.qualys.com/api/2.0/fo/auth/vcenter/vcenter_mapping/"


Sample content of purge.xml file:


action=purge&xml_data=
<?xml version="1.0" encoding="UTF-8" ?>
<VCENTER_ESXI_MAP_LIST>
  <VCENTER_ESXI_MAP>
    <VCENTER_IP>10.10.10.10</VCENTER_IP>
    <ESXI_IP>20.20.20.21</ESXI_IP>
  </VCENTER_ESXI_MAP>
  <VCENTER_ESXI_MAP>
    <VCENTER_IP>10.10.10.10</VCENTER_IP>
    <ESXI_IP>20.20.20.22</ESXI_IP>
  </VCENTER_ESXI_MAP>
</VCENTER_ESXI_MAP_LIST>


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2020-05-07T10:57:23Z</DATETIME>
    <TEXT>Successfully purged 2 records</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>
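

Added example (not part of the Qualys guide): a Python sketch that reads the CSV list output shown above, compares it with a desired mapping, and builds the import and purge request bodies in the csv_data form used by the samples. Function names are hypothetical, and treating any footer status other than "Finished" as unusable is an assumption. Every address is validated, so a stray "&" or line break in an inventory export cannot add parameters to the request body.

```python
import csv
import ipaddress

BODY = ("----BEGIN_RESPONSE_BODY_CSV", "----END_RESPONSE_BODY_CSV")
FOOTER = ("----BEGIN_RESPONSE_FOOTER_CSV", "----END_RESPONSE_FOOTER_CSV")
CSV_HEADER = "vCenter IP,ESXi IP"

# Constructed sample laid out like the "CSV output" of the list request.
SAMPLE_LIST_OUTPUT = """\
----BEGIN_RESPONSE_BODY_CSV
vCenter IP,ESXi IP,Mapping Data Source
"11.11.11.11","30.30.30.23","File"
"10.10.10.10","10.10.10.12","File"
----END_RESPONSE_BODY_CSV
----BEGIN_RESPONSE_FOOTER_CSV
"Status Message"
"Finished"
----END_RESPONSE_FOOTER_CSV
"""


def _section(text, markers):
    """Return the non-blank lines between a BEGIN/END marker pair."""
    begin, end = markers
    lines = [line.strip() for line in text.splitlines()]
    if begin not in lines or end not in lines:
        raise ValueError("response is missing " + begin + " or " + end)
    start, stop = lines.index(begin), lines.index(end)
    if stop < start:
        raise ValueError("markers are out of order: " + begin)
    return [line for line in lines[start + 1:stop] if line]


def _pair(vcenter_ip, esxi_ip):
    """Validate both addresses; ip_address() raises ValueError otherwise."""
    return (str(ipaddress.ip_address(vcenter_ip.strip())),
            str(ipaddress.ip_address(esxi_ip.strip())))


def parse_mapping_list(text):
    """Parse the CSV list output into a set of (vCenter IP, ESXi IP) pairs."""
    footer = list(csv.reader(_section(text, FOOTER)))
    # Assumption: only a "Finished" status means the list is complete.
    if len(footer) < 2 or footer[1] != ["Finished"]:
        raise ValueError("list output did not finish; refusing to use it")
    rows = list(csv.reader(_section(text, BODY)))
    if not rows or rows[0][:2] != CSV_HEADER.split(","):
        raise ValueError("unexpected CSV header")
    pairs = set()
    for row in rows[1:]:
        if len(row) < 2:
            raise ValueError("short row in list output: %r" % (row,))
        pairs.add(_pair(row[0], row[1]))
    return pairs


def build_body(action, pairs):
    """Build the request body passed to --data-binary in the samples."""
    if action not in ("import", "purge"):
        raise ValueError("csv_data is only used with import and purge")
    rows = sorted(",".join(_pair(v, e)) for v, e in pairs)
    if not rows:
        raise ValueError("no mapping rows to send")
    return "action=" + action + "&csv_data=" + "%0A".join([CSV_HEADER] + rows)


def plan_sync(list_output, desired):
    """Return (import_body, purge_body); an entry is None when nothing changes."""
    current = parse_mapping_list(list_output)
    wanted = {_pair(v, e) for v, e in desired}
    to_import, to_purge = wanted - current, current - wanted
    return (build_body("import", to_import) if to_import else None,
            build_body("purge", to_purge) if to_purge else None)


if __name__ == "__main__":
    desired = [("10.10.10.10", "10.10.10.12"), ("10.10.10.10", "10.10.10.11")]
    for body in plan_sync(SAMPLE_LIST_OUTPUT, desired):
        print(body)
```

Because a purge set is computed from the list output, the parser refuses output whose footer is missing or not finished rather than risk purging on a partial list.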


Vault Support


Set up and manage integration with third party password vaults, an option for
authenticated scanning (e.g. trusted scanning).


Vault summary


Vault Support matrix
    View supported vaults by OS and supported features (i.e. password, key
    passphrase, private key)


Vault settings


Vault Definition
    Use Authentication API (/api/2.0/fo/auth/*) to add vault definition in
    authentication records

List Vaults
    Use Vault API (/api/2.0/fo/vault) to list vault records

Manage Vaults
    Use Vault API (/api/2.0/fo/vault) to create, edit, and delete vault
    records


Vault Support matrix 


Supported vaults by authentication type (OS/technology) and capability (password, private 
key, key passphrase, root delegation tool password). Use the vault name as shown when 
providing vault name using the Qualys API (i.e. vault_type=Quest Vault). 


Vaults can be defined as part of authentication records using the Authentication API 
(/api/2.0/fo/auth/*) except as noted below. Some vaults can be defined using the Vault API 
(/api/2.0/fo/vault). 


Columns: password, private key, key passphrase, root delegation passwd


Azure MS SQL (compliance scans only)
    password: ARCON PAM, Azure Key (UI support only), BeyondTrust PBPS,
        CA Access Control, CyberArk AIM, CyberArk PIM Suite, HashiCorp,
        Lieberman ERPM, Quest Vault, Thycotic Secret Server

Cisco
    password: ARCON PAM, Azure Key, CA PAM, CyberArk AIM, CyberArk PIM Suite,
        HashiCorp, Thycotic Secret Server

Checkpoint Firewall (compliance scans only)
    password: ARCON PAM, Azure Key, CyberArk AIM, CyberArk PIM Suite,
        Thycotic Secret Server

IBM DB2
    password: ARCON PAM, CA Access Control, CyberArk AIM, CyberArk PIM Suite,
        HashiCorp, Lieberman ERPM, Quest Vault, Thycotic Secret Server

MariaDB (compliance scans only)
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CyberArk AIM,
        CyberArk PIM Suite, HashiCorp, Quest Vault, Thycotic Secret Server

MongoDB
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CA Access Control,
        CyberArk AIM, CyberArk PIM Suite, HashiCorp, Quest Vault,
        Thycotic Secret Server
    private key: Azure Key, BeyondTrust PBPS, CyberArk AIM, HashiCorp,
        Thycotic Secret Server
    key passphrase: Azure Key, CA Access Control, CyberArk AIM,
        CyberArk PIM Suite, HashiCorp, Hitachi ID PAM, Lieberman ERPM,
        Quest Vault, Thycotic Secret Server

MS SharePoint (compliance scans only)
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CA Access Control,
        CA PAM, CyberArk AIM, CyberArk PIM Suite, HashiCorp, Lieberman ERPM,
        Quest Vault, Thycotic Secret Server

MS SQL (compliance scans only)
    password: ARCON PAM, Azure Key (UI support only), BeyondTrust PBPS,
        CA Access Control, CyberArk AIM, CyberArk PIM Suite, HashiCorp,
        Lieberman ERPM, Quest Vault, Thycotic Secret Server

MySQL
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CyberArk AIM,
        CyberArk PIM Suite, HashiCorp, Quest Vault, Thycotic Secret Server

Neo4j
    password: ARCON PAM Vault, Azure Key, BeyondTrust PBPS, CyberArk AIM,
        CyberArk PIM Suite, HashiCorp, Thycotic Secret Server

Oracle
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CA Access Control,
        CyberArk AIM, CyberArk PIM Suite, HashiCorp, Lieberman ERPM,
        Quest Vault, Thycotic Secret Server

Oracle Listener
    (UI support only)
    password: BeyondTrust PBPS, CA Access Control, CyberArk AIM,
        CyberArk PIM Suite, Lieberman ERPM, Quest Vault,
        Thycotic Secret Server

Palo Alto Firewall
    password: Azure Key, BeyondTrust PBPS, CyberArk AIM, CyberArk PIM Suite,
        Quest Vault, Thycotic Secret Server

Pivotal Greenplum
    password: ARCON PAM, CA Access Control, CyberArk AIM, CyberArk PIM Suite,
        HashiCorp, Hitachi ID PAM, Quest Vault, Thycotic Secret Server
    private key: Azure Key, BeyondTrust PBPS, CA PAM, CyberArk AIM, HashiCorp,
        Thycotic Secret Server
    key passphrase: Azure Key, CA Access Control, CA PAM, CyberArk AIM,
        CyberArk PIM Suite, HashiCorp, Hitachi ID PAM, Lieberman ERPM,
        Quest Vault, Thycotic Secret Server

PostgreSQL (compliance scans only)
    password: ARCON PAM, CA Access Control, CyberArk AIM, CyberArk PIM Suite,
        HashiCorp, Hitachi ID PAM, Quest Vault, Thycotic Secret Server
    private key: Azure Key, BeyondTrust PBPS, CA PAM, CyberArk AIM, HashiCorp,
        Thycotic Secret Server
    key passphrase: Azure Key, CA Access Control, CA PAM, CyberArk AIM,
        CyberArk PIM Suite, HashiCorp, Hitachi ID PAM, Lieberman ERPM,
        Quest Vault, Thycotic Secret Server

SAP Hana (compliance scans only)
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CyberArk AIM,
        CyberArk PIM Suite, HashiCorp, Thycotic Secret Server

SAP IQ (compliance scans only)
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CA Access Control,
        CA PAM, CyberArk AIM, CyberArk PIM Suite, HashiCorp, Hitachi ID PAM,
        Lieberman ERPM, Quest Vault, Thycotic Secret Server,
        Wallix AdminBastion

Sybase (compliance scans only)
    password: ARCON PAM, CyberArk AIM, CyberArk PIM Suite, HashiCorp,
        Lieberman ERPM, Quest Vault, Thycotic Secret Server

Unix
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CA Access Control,
        CA PAM, CyberArk AIM, CyberArk PIM Suite, HashiCorp, Hitachi ID PAM,
        Lieberman ERPM, Quest Vault, Thycotic Secret Server,
        Wallix AdminBastion
    private key: ARCON PAM, Azure Key, BeyondTrust PBPS, CA PAM, CyberArk AIM,
        HashiCorp, Thycotic Secret Server, Wallix AdminBastion
    key passphrase: Azure Key, CA Access Control, CA PAM, CyberArk AIM,
        CyberArk PIM Suite, HashiCorp, Hitachi ID PAM, Lieberman ERPM,
        Quest Vault, Thycotic Secret Server
    root delegation passwd: Azure Key, BeyondTrust PBPS, CA Access Control,
        CA PAM, CyberArk AIM, CyberArk PIM Suite, HashiCorp, Hitachi ID PAM,
        Lieberman ERPM, Quest Vault, Thycotic Secret Server,
        Wallix AdminBastion

VMware
    password: BeyondTrust PBPS, CA Access Control, CyberArk AIM,
        CyberArk PIM Suite, Lieberman ERPM, Quest Vault,
        Thycotic Secret Server

Windows
    password: ARCON PAM, Azure Key, BeyondTrust PBPS, CA Access Control,
        CA PAM, CyberArk AIM, CyberArk PIM Suite, HashiCorp, Hitachi ID PAM,
        Lieberman ERPM, Quest Vault, Thycotic Secret Server,
        Wallix AdminBastion

Vault Definition 


Various record types support adding vault definition as part of authentication record 
settings. When supported these parameters are used to provide the vault definition in 
record settings. 


Parameter / Description


login_type={basic|vault}
    (Required only when you want to create or update vault information) Set
    login_type=vault to add vault information. By default, the parameter is
    set to basic.

vault_id={value}
    (Required only when action=create and login_type=vault) A vault ID.

    For Windows, vault_id and password parameters are mutually exclusive and
    cannot be specified in the same request.

    For Unix, vault_id and password, cleartext_password parameters are
    mutually exclusive and cannot be specified in the same request.

vault_type={value}
    (Required only when action=create and login_type=vault) Want to know what
    vaults support what technologies and capabilities? See Vault Support
    matrix.

    Choose one:
    ARCON PAM
    Azure Key
    BeyondTrust PBPS
    CA Access Control
    CA PAM
    CyberArk AIM
    CyberArk PIM Suite
    HashiCorp
    Hitachi ID PAM (no parameters specific to this vault type.)
    Lieberman ERPM
    Quest Vault
    Thycotic Secret Server
    Wallix AdminBastion (WAB)

ARCON PAM


vault_service_type={value}
    (Required if vault type is ARCON PAM) Specify a vault service type for
    authenticating to the vault and launching the scan on the host. This value
    is validated against the predefined list of service types.


Azure Key


ak_secret_name={value}
    (Required if vault type is Azure Key) The secret name assigned to the
    secret stored in the vault.


BeyondTrust PBPS


system_name={value}
    (Optional if vault type is BeyondTrust PBPS) The managed system name (also
    known as asset name). When not specified, we’ll attempt to auto-discover
    the system name at scan time.

account_name={value}
    (Optional if vault type is BeyondTrust PBPS) The account name. When not
    specified, we'll try the username specified in the authentication record.


CA Access Control


end_point_name={value}
    (Required if vault type is CA Access Control) The End-Point name
    identifies a managed system, either a target for local accounts or a
    domain controller for domain accounts. An End-Point name is a user-defined
    value within your installation of CA Access Control Enterprise Management.
    The End-Point name entered in this record must match a pre-defined name
    exactly.

end_point_type={value}
    (Required if vault type is CA Access Control) The End-Point type
    represents the method of access to the End-Point system. CA Access Control
    Enterprise Management uses pre-defined values for various methods and the
    End-Point type value must match a pre-defined value exactly. Examples:
    "Windows Agentless" (for Windows accounts) and "SSH Device" (for Unix via
    SSH).

end_point_container={value}
    (Required if vault type is CA Access Control) The End-Point container
    stores configuration values. CA Access Control Enterprise Management uses
    pre-defined values for various methods and the End-Point container value
    must match a pre-defined value exactly. Examples: "Accounts" (for Windows
    accounts) and "SSH Accounts" (for Unix via SSH).


CA PAM


vault_app_name={value}
    (Required) Application name as defined in the vault configuration for
    accessing a specific device.

vault_device_name={value}
    (Optional) Specify the target device name defined in the vault
    configuration for which you want to retrieve the credentials.

    You can use one or more variables when defining the device name in order
    to match several targets that use the same naming convention.

    ${ip} // The IP address of the target, i.e. 10.20.30.40.
    ${ip_dash} // The IP address of the target with dashes instead of dots,
    i.e. 10-20-30-40.
    ${dnshost} // The DNS host name of the target, i.e. host.domain.
    ${host} // The host name of the target, i.e. host before .domain.
    ${nbhost} // (Windows only) The NetBIOS host name of the target in
    upper-case, i.e. HOST_ABC.

    For example, device-unix-${ip} will match these 3 devices:
    device-unix-10.50.60.70, device-unix-10.50.60.88 and
    device-unix-10.30.10.12.

    Note: You must specify “vault_device_name” or “vault_device_host”, but
    not both.

vault_device_host={value}
    (Optional) Specify the target device address defined in the vault
    configuration for which you want to retrieve the credentials.

    You can use one or more variables when defining the device host in order
    to match several targets that use the same naming convention.

    ${ip} - The IP address of the target, i.e. 10.20.30.40.
    ${ip_dash} - The IP with dashes, i.e. 10-20-30-40.
    ${dnshost} - DNS hostname of the target, i.e. host.domain.
    ${host} - Hostname of the target, i.e. host before .domain.
    ${nbhost} - (Windows only) The NetBIOS name of the target in upper-case,
    i.e. HOST_ABC.

    For example, ${host}-${ip_dash} will match these 3 devices:
    host40-10-20-30-40, host80-10-50-60-70 and host12-10-30-10-12.

    Note: You must specify “vault_device_name” or “vault_device_host”, but
    not both.


CyberArk AIM 


folder={value}
    (Required if vault type is CyberArk AIM) Specify the name of the folder in
    the secure digital safe where the password to be used for authentication
    should be stored.

    The folder name can contain a maximum of 169 characters. Entering a
    trailing /, as in folder/, is optional (when specified, the service
    removes the trailing / and does not save it in the folder name). The
    maximum length of a folder name with a file name is 170 characters (the
    leading and/or trailing space in the input value will be removed). These
    special characters cannot be included in a folder name:
    / : * ? " < > | <tab>

    You can use one or more variables when defining the folder name in order
    to match several targets that use the same naming convention.

    ${ip} - The IP address of the target, i.e. 10.20.30.40.
    ${ip_dash} - The IP with dashes, i.e. 10-20-30-40.
    ${dnshost} - DNS hostname of the target, i.e. host.domain.
    ${host} - Hostname of the target, i.e. host before .domain.
    ${nbhost} - (Windows only) The NetBIOS name of the target in upper-case,
    i.e. HOST_ABC.

    For example, ${host}-${ip_dash} will match these 3 targets:
    host40-10-20-30-40, host80-10-50-60-70 and host12-10-30-10-12.

file={value}
    (Required if vault type is CyberArk AIM) Specify the name of the file in
    the secure digital safe where the password to be used for authentication
    should be stored.

    The file name can contain a maximum of 165 characters. The maximum length
    of a folder name plus a file name is 170 characters (the leading and/or
    trailing space in the input value will be removed). These special
    characters cannot be included in a file name:
    \ / : * ? " < > | <tab>

    You can use one or more variables when defining the file name in order to
    match several targets that use the same naming convention.

    ${ip} - The IP address of the target, i.e. 10.20.30.40.
    ${ip_dash} - The IP with dashes, i.e. 10-20-30-40.
    ${dnshost} - DNS hostname of the target, i.e. host.domain.
    ${host} - Hostname of the target, i.e. host before .domain.
    ${nbhost} - (Windows only) The NetBIOS name of the target in upper-case,
    i.e. HOST_ABC.

    For example, ${host}-${ip_dash} will match these 3 targets:
    host40-10-20-30-40, host80-10-50-60-70 and host12-10-30-10-12.
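

Added example (not part of the Qualys guide): a local pre-flight check in Python that expands the ${...} variables described above for each target and tests the resulting CyberArk folder and file names against the documented limits before the record is submitted. Function names are hypothetical; counting the 170-character limit as folder length plus file length is an assumption, as is supplying the NetBIOS name by hand.

```python
import re

# Characters the guide says cannot appear in a name (<tab> is the tab character).
FOLDER_FORBIDDEN = set('/:*?"<>|\t')
FILE_FORBIDDEN = set('\\/:*?"<>|\t')
VARIABLES = ("ip", "ip_dash", "dnshost", "host", "nbhost")
_VAR = re.compile(r"\$\{([^}]*)\}")


def target_values(ip, dnshost, nbhost=None):
    """Build the value of each ${...} variable for one scan target."""
    values = {
        "ip": ip,
        "ip_dash": ip.replace(".", "-"),
        "dnshost": dnshost,
        "host": dnshost.split(".", 1)[0],  # host name before .domain
    }
    if nbhost is not None:  # NetBIOS name exists for Windows targets only
        values["nbhost"] = nbhost.upper()
    return values


def expand(template, values):
    """Replace every ${name} in template; reject unknown or unavailable names."""
    def substitute(match):
        name = match.group(1)
        if name not in VARIABLES:
            raise ValueError("unknown variable ${%s}" % name)
        if name not in values:
            raise ValueError("${%s} has no value for this target" % name)
        return values[name]
    return _VAR.sub(substitute, template)


def normalize_folder(folder):
    """Trim surrounding spaces and one trailing '/', as the guide describes."""
    folder = folder.strip()
    return folder[:-1] if folder.endswith("/") else folder


def check_cyberark(folder, file):
    """Return the documented limits that a folder/file pair breaks."""
    folder, file = normalize_folder(folder), file.strip()
    problems = []
    if not folder or not file:
        problems.append("folder and file are both required")
    if len(folder) > 169:
        problems.append("folder longer than 169 characters")
    if len(file) > 165:
        problems.append("file longer than 165 characters")
    # Assumption: the combined limit counts folder + file characters only.
    if len(folder) + len(file) > 170:
        problems.append("folder plus file longer than 170 characters")
    if set(folder) & FOLDER_FORBIDDEN:
        problems.append("folder contains a forbidden character")
    if set(file) & FILE_FORBIDDEN:
        problems.append("file contains a forbidden character")
    return problems


def preflight(folder_tpl, file_tpl, targets):
    """Expand both templates for each target and collect problems per IP."""
    report, first_user = {}, {}
    for target in targets:
        values = target_values(**target)
        try:
            folder = normalize_folder(expand(folder_tpl, values))
            file = expand(file_tpl, values).strip()
            problems = check_cyberark(folder, file)
        except ValueError as exc:
            report[target["ip"]] = (None, None, [str(exc)])
            continue
        # Two targets resolving to one folder/file read the same stored password.
        if (folder, file) in first_user:
            problems.append("same folder/file as " + first_user[(folder, file)])
        first_user.setdefault((folder, file), target["ip"])
        report[target["ip"]] = (folder, file, problems)
    return report


# Constructed targets reusing the host/IP pairs from the guide's example.
TARGETS = [
    {"ip": "10.20.30.40", "dnshost": "host40.domain"},
    {"ip": "10.50.60.70", "dnshost": "host80.domain"},
    {"ip": "10.30.10.12", "dnshost": "host12.domain", "nbhost": "host_abc"},
]

if __name__ == "__main__":
    for ip, result in preflight("Root/", "${host}-${ip_dash}", TARGETS).items():
        print(ip, result)
```

The same expand() step applies to the other parameters that accept these variables, such as vault_device_name and vault_device_host.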


CyberArk PIM Suite 


folder={value}
    (Required if vault type is CyberArk PIM Suite) Specify the name of the
    folder in the secure digital safe where the password to be used for
    authentication should be stored. The folder name can contain a maximum of
    169 characters. Entering a trailing /, as in folder/, is optional (when
    specified, the service removes the trailing / and does not save it in the
    folder name). The maximum length of a folder name with a file name is 170
    characters (the leading and/or trailing space in the input value will be
    removed). These special characters cannot be included in a folder name:
    / : * ? " < > | <tab>

file={value}
    (Required if vault type is CyberArk PIM Suite) Specify the name of the
    file in the secure digital safe where the password to be used for
    authentication should be stored. The file name can contain a maximum of
    165 characters. The maximum length of a folder name plus a file name is
    170 characters (the leading and/or trailing space in the input value will
    be removed). These special characters cannot be included in a filename:
    \ / : * ? " < > | <tab>


HashiCorp 


secret_kv_path={value}
    (Optional if vault type is HashiCorp) The path of the secret engine. The
    default is “secret/data”. For a custom path, please provide path in the
    format "path/to/secret/data".

    Note that we only support Key-Value Secret Engine version 2 to retrieve
    secrets from the HashiCorp Vault.

secret_kv_name={value}
    (Required if vault type is HashiCorp) The secret name which stores
    key-value pairs.

secret_kv_key={value}
    (Required if vault type is HashiCorp) The key name for identifying a
    specific key-value pair.


Lieberman ERPM 


auto_discover_system_nam 
e={0|1} 


Required if vault type is Lieberman ERPM) Specify 1 to 
enable auto discovery of the system name and 0 to disable 
auto discovery. 

Each system in your ERPM environment has a system 
name and this is needed in order to retrieve the password 
for authentication. Use auto discovery to allow the service 
to find the system name for you at scan time. The service 
uses information known about each host (like the IP 
address and FQDN) to query ERPM for the system name. 
Auto discovery is the only option available when your 
record includes multiple IPs. 


system_name_single_host= 
{value} 


(Required if vault type is Lieberman ERPM) Specify the 
system name that is needed to retrieve password for 
authentication. 


To specify system_name_single_host, ensure that auto 
discovery of system name is disabled 
(auto_discover_system_name=0). If auto discovery of 
system name is enabled (auto_discover_system_name=1), 
specifying system_name_single_host is invalid. 


system_type={value} 


(Required if vault type is Lieberman ERPM) A valid value is
one of the following system types: auto, windows, unix,
oracle, mssql, ldap, cisco, custom


custom_system_type={value}


(Required if vault type is Lieberman ERPM) Specify the 
custom system type name. 


custom_system_type is valid only when 
system_type=custom. 


Quest Vault 


system_name={value} 


(Required if vault type is Quest Vault) Specify the system 
name. During a scan we'll perform a search for the system 
name and then retrieve the password. A single exact 
match of the system name must be found in order for 
authentication to be successful. 


Thycotic Secret Server 


secret_name={value} 


(Required if vault type is Thycotic Secret Server) Specify 
the secret name that contains the password to be used for 
authentication. The scanning engine will perform a 
search for the secret name and then get the password 
from the secret returned by the search. A single exact 
match of the secret name must be found in order for 
authentication to be successful. The secret name may 
contain a maximum of 256 characters, and must not 
contain multibyte characters. 


Wallix AdminBastion (WAB) 


authorization_name={value}


(Required if vault type is Wallix AdminBastion (WAB))
Specify the name of the authorization that enables secret
retrieval from a group of targets.


target_name={value} 


(Required if vault type is Wallix AdminBastion (WAB))
Specify the name of the target device using one of these
formats:
user@global_WABdomain
user@local_WABdomain@device


where user is the user with access to the target,
global_WABdomain is a domain name in a domain
controller, local_WABdomain is a local domain, and device is
the device you want to scan.


Use one or more variables in the target name to match
several targets that use the same naming convention.
${ip} - The IP address of the target, e.g. 10.20.30.40.
${ip_dash} - The IP with dashes, e.g. 10-20-30-40.
${dnshost} - DNS hostname of the target, e.g. host.domain.
${host} - Hostname of the target, e.g. host before .domain.
${nbhost} - (Windows only) The NetBIOS name of the
target in upper-case, e.g. HOST_ABC.


For example, the target name
user@local_WABdomain@${ip} will match these 3 devices:
10.50.60.70, 10.50.60.88 and 10.30.10.12.
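The variable expansion described for target_name can be checked locally before a record is saved. The sketch below is an added example, not Qualys code: the function names, the constructed host list and the IPv4-only restriction are assumptions, and the variable names and formats come from the description above.

```python
import ipaddress
import re

VARIABLE = re.compile(r"\$\{(\w+)\}")

# Constructed sample hosts; the third one has no DNS or NetBIOS name on record.
HOSTS = [
    {"ip": "10.50.60.70", "dnshost": "web01.corp.example", "nbhost": "web01"},
    {"ip": "10.50.60.88", "dnshost": "db01.corp.example"},
    {"ip": "10.30.10.12"},
]


def expand_target_name(template, ip, dnshost=None, nbhost=None):
    """Expand the documented ${...} variables of a WAB target_name for one host."""
    # Documented shapes: user@global_WABdomain or user@local_WABdomain@device
    parts = template.split("@")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError("expected user@global_WABdomain or "
                         "user@local_WABdomain@device")

    addr = str(ipaddress.IPv4Address(ip))  # raises ValueError on a malformed address
    values = {
        "ip": addr,
        "ip_dash": addr.replace(".", "-"),
        "dnshost": dnshost,
        "host": dnshost.split(".", 1)[0] if dnshost else None,
        "nbhost": nbhost.upper() if nbhost else None,
    }

    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise ValueError("unknown variable ${%s}" % name)
        if values[name] is None:
            # The variable is valid, but nothing is known about this host.
            raise LookupError("%s is not known for %s" % (name, addr))
        return values[name]

    expanded = VARIABLE.sub(substitute, template)
    if "${" in expanded:
        raise ValueError("unterminated variable in %r" % template)
    return expanded


def resolve_targets(template, hosts):
    """Return ({ip: target name}, {ip: reason}) for the hosts in a record."""
    resolved, unresolved = {}, {}
    for host in hosts:
        try:
            resolved[host["ip"]] = expand_target_name(template, **host)
        except LookupError as exc:
            unresolved[host["ip"]] = str(exc)
    return resolved, unresolved


if __name__ == "__main__":
    ok, missing = resolve_targets("user@local_WABdomain@${dnshost}", HOSTS)
    for ip, name in ok.items():
        print(ip, "->", name)
    for ip, reason in missing.items():
        print(ip, "UNRESOLVED:", reason)
```

Hosts listed as unresolved would have no target name to look up, so a template that relies on ${dnshost}, ${host} or ${nbhost} is worth testing against every IP in the record.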
List Vaults


The Authentication Vault API (resource /api/2.0/fo/vault/) allows you to list
authentication vaults in your account. Use the parameter “action=list” to list the vaults.


Permissions: Managers, Unit Managers and Scanners can view vaults and their settings.
API request:


curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -d
"action=list" "https://qualysapi.qualys.com/api/2.0/fo/vault/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_VAULT_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/vault/vault_output.dtd">
<AUTH_VAULT_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2014-09-12T13:55:57Z</DATETIME>
<STATUS>Success</STATUS>
<COUNT>13</COUNT>
<AUTH_VAULTS>
<AUTH_VAULT>
<TITLE>
<![CDATA[added failover ip]]>
</TITLE>
<VAULT_TYPE>
<![CDATA[CyberArk PIM Suite]]>
</VAULT_TYPE>
<LAST_MODIFIED>
<DATETIME>2014-02-13T12:05:21Z</DATETIME>
<BY>quays_rn1</BY>
</LAST_MODIFIED>
<ID>1421</ID>
</AUTH_VAULT>
<AUTH_VAULT>
<TITLE>
<![CDATA[added failover ip1]]>
</TITLE>
<VAULT_TYPE>
<![CDATA[CyberArk PIM Suite]]>
</VAULT_TYPE>
<LAST_MODIFIED>
<DATETIME>2014-02-19T06:43:44Z</DATETIME>
<BY>quays_rn1</BY>
</LAST_MODIFIED>
<ID>1441</ID>
</AUTH_VAULT>
<AUTH_VAULT>
<TITLE>
<![CDATA[Blue]]>
</TITLE>
<VAULT_TYPE>
<![CDATA[CA Access Control]]>
</VAULT_TYPE>
<LAST_MODIFIED>
<DATETIME>2013-09-21T05:26:32Z</DATETIME>
<BY>quays_rn1</BY>
</LAST_MODIFIED>
<ID>1406</ID>
</AUTH_VAULT>
</AUTH_VAULTS>
</RESPONSE>
</AUTH_VAULT_LIST_OUTPUT>


Parameters:
Parameter Description
action=list (Required)


echo_request={0|1}


(Optional) Set to 1 to show (echo) the request's input
parameters (names and values) in the XML output.


title={value}


(Optional) Include vaults matching this title.


type={value}


(Optional) Include a certain vault type only. A valid value
is:
ARCON PAM
Azure Key
BeyondTrust PBPS
CA Access Control
CA PAM
CyberArk AIM
CyberArk PIM Suite
HashiCorp
Hitachi ID PAM
Lieberman ERPM
Quest Vault
Thycotic Secret Server
Wallix AdminBastion (WAB)


modified={date}


(Optional) Include vaults modified on or after a certain
date/time, in this format: YYYY-MM-DD[THH:MM:SSZ]
(UTC/GMT).

orderby={value} 


(Optional) Sort the vaults list by certain data. One of: “id”,
“title”, “system_name”, “last_modified”,
“last_modified_by”. A date must be specified in
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).


sortorder={asc|desc} 


(Optional) The sort order, used when the request 
includes the orderby parameter. One of: asc (for 
ascending order) or desc (for descending order). 


limit={value} 


(Optional) The maximum number of vault records 
processed for the request, starting at the record number 
specified by the offset parameter. These parameters 
must be specified together: limit and offset. 


The limit value must always be greater than “0”. If you
specify a value of 0 for the parameter, the request will fail.


When not specified, default limit is set to 1,000 vault 
records. You can specify a value less than or greater than 
the default. 


offset={value} 


(Optional) The starting vault record number, used only 
when the request includes the limit parameter. 


More sample requests: 


1) List all vaults, order vaults by system name 


curl -H "X-Requested-With:API" -u "USERNAME:PASSWD" -d
"action=list&orderby=system_name"
"https://qualysapi.qualys.com/api/2.0/fo/vault/index.php/?"


2) List all vaults, order vaults by title in descending order


curl -H "X-Requested-With:API" -u "USERNAME:PASSWD" -d
"action=list&orderby=title&sortorder=desc"
"https://qualysapi.qualys.com/api/2.0/fo/vault/index.php/?"


3) List only 9th and 10th vault records


curl -H "X-Requested-With:API" -u "USERNAME:PASSWD" -d
"action=list&limit=2&offset=9"
"https://qualysapi.qualys.com/api/2.0/fo/vault/index.php/?"
The Authentication Vault API (resource /api/2.0/fo/vault) allows you to manage
authentication vaults (create, update, delete) as separate configurations.


Permissions: Managers can perform all functions (create, update, delete). Unit Managers 
can perform these functions if they are granted the permission “Create/edit 
authentication records/vaults”. 


Create a new vault 


Parameters:
Parameter Description
action=create (Required)


title={value}


(Required) The vault title.


type={value}


(Required) The vault type. A valid value is:
ARCON PAM
Azure Key
BeyondTrust PBPS
CA Access Control
CA PAM
CyberArk AIM
CyberArk PIM Suite
HashiCorp
Hitachi ID PAM
Lieberman ERPM
Quest Vault
Thycotic Secret Server
Wallix AdminBastion (WAB)


comments={value}


(Optional) User defined comments.


{vault settings}


“Tell me about vault settings”


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d
"action=create&type=CyberArk AIM&title=New-CyberArk-AIM&appid=CyberArk00007&safe=Vaultsafe&url=https://afco.com&ssl_verify=1&cert=-----BEGIN+CERTIFICATE-----%0D%0AMIIDXzCCAkcCAQEwDQYJKoZIwdjELMAkGA1U-----END+CERTIFICATE-----&private_key_pwd=password&private_key=-----BEGIN+RSA+PRIVATE+KEY-----%0D%0AMIIEowIBAAKCAQ-----END+RSA+PRIVATE+KEY-----"
"https://qualysapi.qualys.com/api/2.0/fo/vault/index.php"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2016-09-02T06:10:02Z</DATETIME>
<TEXT>Success</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>7004</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Update vault settings 


Parameters: 

Parameter Description 

action=update (Required) 

id={value} (Required) A vault ID. 

title={value} (Optional) A new title to replace the existing title. 
comments={value} (Optional) User defined comments. 


{vault settings} “Tell me about vault settings” 


API request: 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -X "POST" -d
"id=14836922&server_address=10.10.10.10"
"https://qualysapi.qualys.com/api/2.0/fo/vault/?action=update"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2014-09-12T14:13:28Z</DATETIME>
<TEXT>Success</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>14836922</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>

View vault settings 


Parameter Description 
action=view (Required) 
id={value} (Required) A vault ID. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d
"action=view&id=7004"
"https://qualysapi.qualys.com/api/2.0/fo/vault/index.php"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE VAULT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/vault/vault_view.dtd">
<VAULT_OUTPUT>
<RESPONSE>
<DATETIME>2016-09-08T06:38:28Z</DATETIME>
<VAULT_QUEST>
<TITLE><![CDATA[New CyberArk AIM Vault]]></TITLE>
<COMMENTS><![CDATA[]]></COMMENTS>
<VAULT_TYPE><![CDATA[CyberArk AIM]]></VAULT_TYPE>
<CREATED_ON>2016-09-07T07:09:34Z</CREATED_ON>
<OWNER>user_john</OWNER>
<LAST_MODIFIED>
<DATETIME>2016-09-08T06:37:49Z</DATETIME>
<BY>user_john</BY>
</LAST_MODIFIED>
<APPID><![CDATA[735435]]></APPID>
<URL><![CDATA[https://afco.com]]></URL>
<SSL_VERIFY><![CDATA[1]]></SSL_VERIFY>
<SAFE><![CDATA[56908456904]]></SAFE>
<ID>7004</ID>
</VAULT_QUEST>
</RESPONSE>
</VAULT_OUTPUT>
Delete a vault


Parameter Description
action=delete (Required)
id={value} (Required) A vault ID. 


API request: 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -d
"id=43463"
"https://qualysapi.qualys.com/api/2.0/fo/vault/?action=delete"


XML output: 
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2014-09-12T14:13:28Z</DATETIME>
<TEXT>Success</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>Status</KEY>
<VALUE>Deleted</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Tell me about vault settings 
The vault settings differ per vault type. 


ARCON PAM 


url={value} (Required to create and optional to update vault) The
HTTP or HTTPS URL to access the ARCON PAM Vault API.
The HTTPS URL is required if the ssl_verify parameter is
set to 1.


ssl_verify={0|1} (Required to create and optional to update vault) When 
set to 1 (the default), our service will verify the SSL 
certificate of the web server to make sure the certificate is 
valid and trusted. When set to 0, our service will not 
verify the certificate of the web server. 


username={value} (Required to create and optional to update vault) A 
username required to access the vault. 


password={value} (Required to create and optional to update vault) A 
password required to access the vault. 
Azure Key


url={value}


(Required to create and optional to update vault) The
HTTP or HTTPS URL to access the Azure Key Vault HTTP
API. The HTTPS URL is required if the ssl_verify parameter
is set to 1.


app_id={value} 


(Required to create and optional to update vault) The 
application ID associated with the application created in 
the Azure Key Vault. 


ssl_verify={0|1} 


(Required to create and optional to update vault) When
set to 1 (the default), our service will verify the SSL
certificate of the web server to make sure the certificate is
valid and trusted. When set to 0, our service will not
verify the certificate of the web server.


certificate={value}


(Required to create and optional to update vault) The
client certificate for authentication. Enter the certificate
block after the key block and be sure to include the first
and last line (-----BEGIN CERTIFICATE----- and
-----END CERTIFICATE-----).
For a create/update request, if the cert parameter is
specified, then the private_key parameter must also be
specified.


private_key={value}


(Required to create and optional to update vault) The
private key for authentication. Copy the contents of the
private key file (id_rsa) and be sure to include the first and
last line (-----BEGIN PRIVATE KEY----- and
-----END PRIVATE KEY-----).


passphrase={value}


(Optional) The private key passphrase is required if the
private key is encrypted.


BeyondTrust PBPS 


appkey={value} 


(Required for new vault) The application key (alphanumeric
string) for the BeyondTrust PBPS web services
API. The maximum length is 128 bytes. A leading and/or
trailing space or periods in the input value will be
removed.


url={value} 


(Required for new vault) The HTTP or HTTPS URL to 
access the BeyondTrust PBPS web services API. 


ssl_verify={1|0} 


(Optional) When set to 1, our service will verify the SSL 
certificate of the web server to make sure the certificate is 
valid and trusted. When set to 0, our service will not 
verify the certificate of the web server. 


username={value} 


(Required for new vault) The user account that can call 
the BeyondTrust PBPS web services API. The maximum 
length is 64 characters. This special character cannot be 
included: @ 


password={value} 


(Optional) Specify a user password when required by the 
Application API Key configuration in BeyondTrust. 
cert={value}


(Optional) Provide an X.509 client certificate with your
private key when required by the Application API Key
configuration in BeyondTrust. The certificate must be
trusted by the PBPS web server.


Enter the certificate block after the key block and be sure
to include the first and last line (-----BEGIN CERTIFICATE-----
and -----END CERTIFICATE-----).


For a create/update request, if the cert parameter is
specified, then the private_key parameter must also be
specified.


private_key={value}


(Optional) Specify the private key for authentication. Copy
the contents of private key file (id_rsa) and be sure to
include the first and last line (-----BEGIN PRIVATE KEY-----
and -----END PRIVATE KEY-----).


For a create/update request, if the private_key parameter
is specified, then the cert parameter must also be
specified.


private_key_pwd={value}


(Optional) Specify a password for your private key if it's
encrypted.


CA Access Control 


ca_url={value} 


(Required for new vault) The HTTP or HTTPS URL of the 
CA Access Control web services, an API interface to your 
CA Access Control Enterprise Management installation. 
Note that the web services URL is different from the web 
management URL. 


Sample web services URL:
http://caac126u-32-235.caac125.domain.com:18080/iam/TEWS6/ac


Sample web management URL:
http://caac126p-33-166.caac125.domain.com:18080/iam/ac/


ca_api_username={value}


(Required for new vault) The name of a user that is 
granted GetAccountPassword API permissions. 


ca_ssl_verify={1|0} 


(Required for new vault) When set to 1, our service will 
verify the SSL certificate of the web server to make sure 
the certificate is valid and trusted. When set to 0 our 
service will not verify the certificate of the web server. 


ca_web_username={value} 


(Optional) The web user name used to access Basic 
Authentication of the CA Access Control web server. 


ca_web_password={value} 


(Optional) The web password used to access Basic 
Authentication of the CA Access Control web server. 


CA PAM 


ssl_verify={0|1} 


(Required to create and optional to update vault) The user 
account that can call the CA PAM Vault HTTP API. 
url={value}


(Required to create and optional to update vault) The
HTTP or HTTPS URL to access the CA PAM Vault HTTP API.


apikey_name={value} 


(Required to create and optional to update vault) The user 
account that can call the CA PAM Vault HTTP API. 


apikey={value} 


(Required to create and optional to update vault) The 
password for the user account that can call the CA PAM 
Vault HTTP API. 


CyberArk AIM 


appid={value} 


(Required) Application ID string defined by the customer.
The application ID acts as an authenticator for our
scanner to call CCP web services API. The maximum
length of an application ID name is 128 bytes and the first
28 characters must be unique (leading and/or trailing
space or periods in the input value will be removed).
These restricted words cannot be included in an
application ID: Users, Addresses, Areas, XUserRules,
unknown, Locations, Safes, Schedule, VaultCategories,
Builtin. These special characters cannot be included in an
application ID: \/:*?"<>|\t\r\n\x1F


safe={value}


(Required) The name of the digital password safe. The safe
name can contain a maximum of 28 characters (leading
and/or trailing space in the input value will be removed).
These special characters cannot be included in a safe
name: \/:*?"<>|\t\r\n\x1F


url={value} 


(Required) The HTTP or HTTPS URL over SSL protocols to 
access CyberArk's CCP web services. 


ssl_verify={1|0} 


(Required) When set to 1, our service will verify the CCP 
SSL certificate of the web server to make sure the 
certificate is valid and trusted. When set to 0 our service 
will not verify the certificate of the web server. 


cert={value} 


(Optional) You must include an X.509 certificate with your
private key. Enter the certificate block after the key block
and be sure to include the first and last line
(-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).


For a create/update request, if the certificate parameter is
specified, then the private_key parameter must also be
specified.


private_key={value}


(Optional) Specify private key for authentication. Copy the
contents of private key file (id_rsa) and be sure to include
the first and last line (-----BEGIN PRIVATE KEY----- and
-----END PRIVATE KEY-----).


For a create/update request, if the private_key parameter
is specified, then the certificate parameter must also be
specified.


private_key_pwd={value}


(Optional) Specify a password for the encrypted
private_key.
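The CyberArk AIM constraints above can be checked before a create or update request is sent. The validator below is an added example, not part of the Qualys API or client tooling: check_cyberark_aim and its messages are hypothetical, matching restricted words as case-insensitive substrings is an assumption, and the PEM bodies in the usage sample are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Restricted words and characters as listed in the appid/safe descriptions.
RESTRICTED_WORDS = ("Users", "Addresses", "Areas", "XUserRules", "unknown",
                    "Locations", "Safes", "Schedule", "VaultCategories", "Builtin")
FORBIDDEN_CHARS = set('\\/:*?"<>|\t\r\n\x1f')

# First and last PEM lines must be present; the key label (e.g. "RSA ") is optional.
CERT_PEM = re.compile(r"-----BEGIN CERTIFICATE-----.+-----END CERTIFICATE-----", re.S)
KEY_PEM = re.compile(
    r"-----BEGIN ((?:[A-Z]+ )?)PRIVATE KEY-----.+-----END \1PRIVATE KEY-----", re.S)


def check_cyberark_aim(params):
    """Return (errors, warnings) for a dict of CyberArk AIM vault settings."""
    p = {k: str(v) for k, v in params.items()}
    errors, warnings = [], []

    for name in ("appid", "safe", "url", "ssl_verify"):
        if not p.get(name, "").strip():
            errors.append("%s: required" % name)

    # The service removes leading/trailing spaces and periods from appid.
    appid = p.get("appid", "").strip(" .")
    if len(appid.encode("utf-8")) > 128:
        errors.append("appid: longer than 128 bytes")
    bad = sorted(FORBIDDEN_CHARS & set(appid))
    if bad:
        errors.append("appid: forbidden characters %r" % bad)
    # Assumption: restricted words are matched anywhere, ignoring case.
    hits = [w for w in RESTRICTED_WORDS if w.lower() in appid.lower()]
    if hits:
        errors.append("appid: restricted words %r" % hits)

    safe = p.get("safe", "").strip(" ")
    if len(safe) > 28:
        errors.append("safe: longer than 28 characters")
    bad = sorted(FORBIDDEN_CHARS & set(safe))
    if bad:
        errors.append("safe: forbidden characters %r" % bad)

    url = p.get("url", "").strip()
    scheme = urlsplit(url).scheme.lower()
    if url and scheme not in ("http", "https"):
        errors.append("url: must be an HTTP or HTTPS URL")

    verify = p.get("ssl_verify", "").strip()
    if verify and verify not in ("0", "1"):
        errors.append("ssl_verify: must be 0 or 1")
    if verify == "0":
        warnings.append("ssl_verify=0: the vault server certificate is not verified")
    if verify == "1" and scheme == "http":
        warnings.append("ssl_verify=1 with an http:// URL: no certificate to verify")

    cert = p.get("cert", "").strip()
    key = p.get("private_key", "").strip()
    if bool(cert) != bool(key):
        errors.append("cert/private_key: must be specified together")
    if cert and not CERT_PEM.fullmatch(cert):
        errors.append("cert: missing BEGIN/END CERTIFICATE lines")
    if key and not KEY_PEM.fullmatch(key):
        errors.append("private_key: missing BEGIN/END PRIVATE KEY lines")

    return errors, warnings


if __name__ == "__main__":
    sample = {  # constructed values, not real credentials
        "appid": "Team:Safes", "safe": "Vaultsafe",
        "url": "http://ccp.example.test", "ssl_verify": 0,
        "cert": "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----",
    }
    for kind, items in zip(("ERROR", "WARN"), check_cyberark_aim(sample)):
        for item in items:
            print(kind, item)
```

The rule that the first 28 characters of an application ID must be unique cannot be checked locally, since it depends on the application IDs already defined.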
CyberArk PIM Suite


server_address={value}


(Required for new vault) The IP address of the vault server 
that stores system login credentials to be used. 


port={value} 


(Optional) The port the vault server is running on. The 
port must be in the range 1025 to 65535. For a new vault 
the port is set to 1858 by default, if the port parameter is 
not specified. 


safe={value} 


(Required for new vault) The name of the digital password 
safe. The safe name can contain a maximum of 28 
characters (leading and/or trailing space in the input 
value will be removed). These special characters cannot 
be included in a safe name: \/:*?"<>.| 


username={value} 


(Required for new vault) The username for an account 
with access to your CyberArk PIM Suite environment. 


password={value} 


(Required for new vault) The password for an account 
with access to your CyberArk PIM Suite environment. 


HashiCorp 


url={value} 


(Required) The HTTP or HTTPS URL to access the 
HashiCorp Vault HTTP API. 


api_version={value}


(Optional) The HashiCorp Vault HTTP API version. This is 
v1 by default, which is the only supported version. 


ssl_verify={0|1} 


(Required to create and optional to update vault) When 
set to 1 (the default), our service will verify the SSL 
certificate of the web server to make sure the certificate is 
valid and trusted. When set to 0, our service will not 
verify the certificate of the web server. 


auth_type={value} 


(Required to create vault, optional to update vault)
HashiCorp Vault API supports three authentication types.
First choose the authentication method you
want to use (Username/Password, Cert or App Role) and
then provide login credentials for authenticating to the
vault server via the HashiCorp Vault HTTP API.


Valid authentication values for API are: userpass, cert and
approle.


auth_type={userpass}


Choose this authentication method to authenticate to the
vault server with a username and password combination.
auth_type={userpass} supports 3 parameters: path,
username, password.


path={value} 


(Optional) The path for the Username/Password 
authentication method. The default path is auth/userpass 
but you can specify a custom path like auth/my-path. 


username={value} 


(Required to create and update vault) The user account 
that can access the vault server. 


password={value} 


(Required to create and update vault) The password for 
the user account. 
auth_type={cert}


Choose this authentication method to authenticate to
the vault server using SSL/TLS client certificates which
are either signed by a CA (Certificate Authority) or
self-signed. CA certificates are associated with a role name.


auth_type={cert} supports 5 parameters: path, role_name,
cert, private_key, passphrase.


path={value} 


(Optional) The path for the Cert authentication method. 
The default path is auth/cert but you can specify a 
custom path like auth/my-path. 


role_name={value} 


(Required to create and update vault) The role associated
with the CA certificate.


cert={value}


(Required to create and update vault) The client
certificate for authentication. Enter the certificate block
after the key block and be sure to include the first and last
line (-----BEGIN CERTIFICATE----- and
-----END CERTIFICATE-----).


For a create/update request, if the cert parameter is
specified, then the private_key parameter must also be
specified.


private_key={value}


(Required to create and update vault) The private key for
authentication. Copy the contents of private key file
(id_rsa) and be sure to include the first and last line
(-----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----).


passphrase={value}


(Optional) The private key passphrase, if the private key is
encrypted.


auth_type={approle}


Choose the App Role authentication method to
authenticate to the vault server with a vault-defined role.
auth_type={approle} supports 3 parameters: path, role_id,
secret_id.


path={value}


(Optional) The path for the App Role authentication
method. The default path is auth/approle but you can
specify a custom path like auth/my-path.


role_id={value}


(Required to create and update vault) The role ID of the
App Role you want to use for authentication.


secret_id={value}


(Optional) The secret ID of the App Role you want to use
for authentication.


Hitachi ID PAM 


url={value} 


(Required for new vault) The HTTP or HTTPS URL of the
Hitachi ID PAM webservices.


username={value}


(Required for new vault) The username (ID) for the Hitachi
ID PAM user account. To allow Qualys scanners to connect
using this account, this user must have the following
settings under Administrator information in the Hitachi
ID Management Suite: 1) the privilege “OTP IDAPI caller”
and 2) the value entered in the “IP address with CIDR
bitmask” field must include the Qualys scanner IP
addresses.


password={value} 


(Required for new vault) The password for the Hitachi ID 
PAM user account. 


ssl_verify={1|0} 


(Required for new vault) When set to 1, our service will 
verify the SSL certificate of the web server to make sure 
the certificate is valid and trusted. When set to 0 our 
service will not verify the certificate of the web server. 


Lieberman ERPM 


url={value} 


(Required for new vault) The HTTP or HTTPS URL of the 
Lieberman ERPM server. 


domain={value} 


(Optional) A domain name if your Lieberman ERPM server 
is part of a domain. 


username={value} 


(Required for new vault) The username for the Lieberman
ERPM server account.


password={value} 


(Required) The password for the Lieberman ERPM server 
account. 


ssl_verify={1|0} 


(Required for new vault) When set to 1, our service will 
verify the SSL certificate of the web server to make sure 
the certificate is valid and trusted. When set to 0 our 
service will not verify the certificate of the web server. 


Quest Vault 


server_address={value} 


(Required for new vault) The IP address of the vault server, 
Quest One Privileged Password Manager. 


port={value} 


(Optional) The listing port of the vault server. For a new 
vault the port is set to 22 by default, if the port parameter 
is not specified. 


username={value} 


(Required for new vault) The username to be used for SSH 
authentication. We recommend you create a dedicated 
user account for Qualys scanning. Using Quest/Dell 2.4 or 
higher, enter the key for the API user account you've 
created for use with our service. We support both API and 
CLI keys but recommend use of an API key. 


access_key={value}


(Required for new vault) The DSA private key in PEM 
format for SSH authentication. 


Thycotic Secret Server 


url={value} 


(Required for new vault) The HTTP or HTTPS URL of the 
Secret Server webservices. The URL may contain a 
maximum of 256 characters, and must not contain 
multibyte characters. 
username={value}


(Required for new vault) The username for a Secret Server
user. This user must have access to the secret names to be
used for authentication.


password={value} 


(Required for new vault) The password for a Secret Server 
user. 


domain={value} 


(Optional) Specify a fully qualified domain name if Secret 
Server is integrated with Active Directory. The domain 
may contain a maximum of 128 characters, and must not 
contain any multibyte characters. 


Wallix AdminBastion (WAB) 


url={value} 


(Required for new vault) The HTTP or HTTPS URL to 
access the WAB web services API. 


ssl_verify={0|1} 


(Optional) When set to 1 (the default), our service will 
verify the SSL certificate of the web server to make sure 
the certificate is valid and trusted. When set to 0, our 
service will not verify the certificate of the web server. 


username={value} 


(Required for new vault) The user account that can call 
the WAB web services API. 


password={value} 


(Optional) The password for the user account that can call
the WAB web services API. For a new vault, you must
specify password or appkey. Both parameters cannot be
specified in the same request.


appkey={value}


(Optional) Your WAB REST API key (alphanumeric value)
for connecting to the WAB web services API.

- Do not include leading or trailing periods or spaces.

- These characters are not allowed: \\/:*?"<>|

- UTF-8 multibyte characters are not allowed.


For a new vault, you must specify password or appkey.
Both parameters cannot be specified in the same request.
Assets


Manage the host assets you want to scan (internal and external facing) for vulnerabilities 
and compliance. 


IP List | Add IPs | Update IPs 

Host List | Host Update 

Host List Detection | Normalized Data | Best Practices | Use Cases 

Excluded Host List | Excluded Hosts Change History | Manage Excluded Hosts 
Virtual Host List | Manage Virtual Hosts 

Restricted IPs List | Manage Restricted IPs 

Asset Group List | Manage Asset Groups 

Purge Hosts 


Patch List 
IP List
/api/2.0/fo/asset/ip/?action=list 
[GET] [POST] 


List IP addresses in the user account. By default, all hosts in the user account are 
included. Optional input parameters support filtering the list by IP addresses and host 
tracking method. 


Permissions - Managers and Auditors view all assets in the subscription, Unit Managers 
view assets in their own business unit, Scanners and Readers view assets in their own 
account. 


Express Lite - This API is available to Express Lite users. 


Input Parameters 


Parameter Description 
action=list (Required) A flag used to make an IP list request. 
echo_request={0|1} (Optional) Show (echo) the request’s input parameters
(names and values) in the XML output. When unspecified,
parameters are not included in the XML output. Specify 1
to view parameters in the XML output.


ips={value} (Optional) Show only certain IP addresses/ranges. One or 
more IPs/ranges may be specified. Multiple entries are 
comma separated. A host IP range is specified with a 
hyphen (for example, 10.10.10.44-10.10.10.90). 


network_id={value} (Optional, and valid only when the Network Support 
feature is enabled for the user’s account) A non-Manager 
user can use this parameter to restrict the request to IP 
addresses in a certain custom network ID. For a Manager 
user, the output will be the same regardless of the 
network_id specified in the request because all IPs are part 
of all networks automatically and Managers have access to 
all IPs in all networks. Specify network_id along with 
tracking_method to filter the results. 


tracking_method={value} (Optional) Show only IP addresses/ranges which have a 
certain tracking method. Valid values: IP, DNS, NETBIOS. 
compliance_enabled={0|1} (Optional) Specifying this parameter is valid only when the
policy compliance module is enabled for the user account.
This parameter is invalid for an Express Lite user.


Specify 1 to list IP addresses in the user’s account assigned 
to the Policy Compliance module. Specify 0 to list IPs which 
are not assigned to the Policy Compliance module. 


An error is returned if a user specifies this parameter, and 
the user’s account does not have compliance management 
privileges to view the requested list. This may be due to the 
user's role and/or account settings as indicated below. 


For a Unit Manager, Scanner or Reader, the “Manage 
compliance” permission must be enabled in the user 
account. If the user does not have this permission and sets 
this parameter to 1, an error is returned. 


An Auditor user cannot make a request to view 
vulnerability management IP addresses. If an Auditor sets 
this parameter to 0, an error is returned. 


certview_enabled={0|1} (Optional) Set to 1 to list IP addresses in the user’s account
assigned to the Certificate View module. Specify 0 to list IPs
that are not assigned to the Certificate View module. Note -
This option will be supported when Certificate View GA is
released and is enabled for your account.


Filter the output by module 


Only interested in seeing IP addresses for VM, PC or CertView? Your request must include 
the compliance_enabled and certview_enabled parameters as described below. 


- To return only VM IP addresses, specify compliance_enabled=0 and certview_enabled=0.

- To return only PC IP addresses, specify compliance_enabled=1 and certview_enabled=0.

- To return only CertView IP addresses, specify compliance_enabled=0 and
certview_enabled=1.

- To return both PC and CertView IP addresses, specify compliance_enabled=1 and
certview_enabled=1.

Sample - List Host IPs


API request: 
curl -H "X-Requested-With: Curl Sample" -b 
"QualysSession=7le6cda2a35d2cd404cddaf305ea0208; 
path=/api; secure" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/?action=list" 


XML output: 


<!DOCTYPE IP_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/ip_list_output.dtd">


<IP_LIST_OUTPUT> 
<RESPONSE> 
<DATETIME>2018-05-21T13:32:17Z</DATETIME> 
<IP_SET> 
<IP>123.123.45.0</IP> 
<IP_RANGE>123.124.45.0-123.124.45.255</IP_RANGE> 
<IP_RANGE>123.124.46.0-123.124.46.255</IP_RANGE> 
<IP_RANGE>123.124.47.0-123.124.47.255</IP_RANGE> 
<IP_RANGE>123.124.48.0-123.124.48.255</IP_RANGE> 
</IP_SET> 
</RESPONSE> 
</IP_LIST_OUTPUT> 


DTD 
<platform API server>/api/2.0/fo/asset/ip/ip_list_output.dtd 

Add IPs
/api/2.0/fo/asset/ip/?action=add 
[POST] 


Add IP addresses to the user's subscription. Once added they are available for scanning 
and reporting. 


Permissions - A Manager has permissions to add IP addresses. A Unit Manager can add IP 
addresses when the “Add assets” permission is enabled in their account. Users with other 
roles (Scanner, Reader, Auditor) do not have permissions to add IP addresses. 


Input Parameters 


Parameter Description

action=add (Required)

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ips={value} -or- {POSTed CSV raw data} (Required) The hosts you want to add to the subscription.
IPs must be specified by using the “ips” parameter (using
the POST method) or by uploading CSV raw data (using the
POST method). To upload CSV raw data, specify
--data-binary <data>.

How to specify IP addresses. One or more IPs/ranges may
be specified. Multiple IPs/ranges are comma separated. An
IP range is specified with a hyphen (for example,
10.10.30.1-10.10.30.50). CIDR notation is supported.

tracking_method={value} (Optional) The tracking method is set to IP for IP address by
default. To use another tracking method specify DNS or
NETBIOS.

enable_vm={0|1}, enable_pc={0|1} (Required) You must enable the hosts for the VM app
(enable_vm=1) or the PC app (enable_pc=1) or both apps.

owner={value} (Optional) The owner of the host asset(s). The owner must
be a Manager or a Unit Manager. A valid Unit Manager
must have the “Add assets” permission and sufficient
remaining IPs (maximum number of IPs that can be added
to the Unit Manager’s business unit).

ud1={value}, ud2={value}, ud3={value} (Optional) Values for user-defined fields 1, 2 and 3. You can
specify a maximum of 128 characters (ascii) for each field
value.

comment={value} (Optional) User-defined comments.

ag_title={value} (Required if the request is being made by a Unit Manager;
otherwise invalid) The title of an asset group in the Unit
Manager’s business unit that the host(s) will be added to.

enable_certview={0|1} (Optional) Set to 1 to add IPs to your CertView license. By
default IPs are not added to your CertView license. This
option will be supported when CertView GA is released and
is enabled for your account.


Sample - Add IPs using POSTED data 


API request: 
curl -H "X-Requested-With: Curl" -H "Content-Type:text/csv"
-u "USERNAME:PASSWORD" --data-binary @ips_list.csv
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/?action=add&enable_vm=1&enable_pc=1&tracking_method=IP&owner=quays_es1"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-08-07T01:21:03Z</DATETIME>
    <TEXT>IPs successfully added to Vulnerability
Management/Compliance Management</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Add IPs using “ips” parameter 


API request: 
curl -H "X-Requested-With: demo" -u "USERNAME:PASSWORD" -X "POST"
-d "action=add&enable_vm=1&enable_pc=1&ips=10.10.10.1,10.10.10.10-10.10.10.20,10.10.10.200"
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/"


DTD 
<platform API server>/api/2.0/simple_return.dtd 
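
A pre-check for action=add, as an added example (not Qualys code): it parses an "ips" value in the syntax described above (single IPs, hyphenated ranges, CIDR) and subtracts what the IP list output already reports, so the request adds only the addresses you intend. The function names are hypothetical, a CIDR block is assumed to cover every address in it, and the sample XML is constructed from the List Host IPs sample.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: body of the IP_LIST_OUTPUT shown in "Sample - List Host IPs".
IP_LIST_XML = """<IP_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-05-21T13:32:17Z</DATETIME>
<IP_SET>
<IP>123.123.45.0</IP>
<IP_RANGE>123.124.45.0-123.124.45.255</IP_RANGE>
<IP_RANGE>123.124.46.0-123.124.46.255</IP_RANGE>
<IP_RANGE>123.124.47.0-123.124.47.255</IP_RANGE>
<IP_RANGE>123.124.48.0-123.124.48.255</IP_RANGE>
</IP_SET>
</RESPONSE>
</IP_LIST_OUTPUT>"""


def span(lo_text, hi_text):
    """Return (first, last) as integers; reject reversed or malformed ranges."""
    lo = ipaddress.IPv4Address(lo_text.strip())
    hi = ipaddress.IPv4Address(hi_text.strip())
    if lo > hi:
        raise ValueError("range start is above range end: %s-%s" % (lo, hi))
    return int(lo), int(hi)


def parse_ips_param(spec):
    """Parse an "ips" value: comma separated IPs, hyphen ranges and CIDR blocks."""
    spans = []
    for item in spec.split(","):
        item = item.strip()
        if "/" in item:
            # strict=True rejects blocks with host bits set (a local safety choice).
            net = ipaddress.IPv4Network(item, strict=True)
            spans.append((int(net[0]), int(net[-1])))
        elif "-" in item:
            spans.append(span(*item.split("-", 1)))
        else:
            spans.append(span(item, item))
    return spans


def parse_ip_set(xml_text):
    """Read the <IP> and <IP_RANGE> children of RESPONSE/IP_SET."""
    spans = []
    for el in ET.fromstring(xml_text).iterfind("./RESPONSE/IP_SET/*"):
        if el.tag == "IP":
            spans.append(span(el.text, el.text))
        elif el.tag == "IP_RANGE":
            spans.append(span(*el.text.split("-", 1)))
    return spans


def merge(spans):
    """Sort spans and join the ones that overlap or touch."""
    out = []
    for lo, hi in sorted(spans):
        if out and lo <= out[-1][1] + 1:
            out[-1][1] = max(out[-1][1], hi)
        else:
            out.append([lo, hi])
    return out


def subtract(requested, existing):
    """Return the parts of `requested` that `existing` does not cover."""
    have = merge(existing)
    result = []
    for lo, hi in merge(requested):
        cur = lo
        for elo, ehi in have:
            if ehi < cur:
                continue
            if elo > hi:
                break
            if elo > cur:
                result.append((cur, elo - 1))
            cur = ehi + 1
            if cur > hi:
                break
        if cur <= hi:
            result.append((cur, hi))
    return result


def plan_add(requested_spec, ip_list_xml):
    """Return (ips value to submit, number of addresses it would add)."""
    new = subtract(parse_ips_param(requested_spec), parse_ip_set(ip_list_xml))
    parts = []
    for lo, hi in new:
        first = str(ipaddress.IPv4Address(lo))
        parts.append(first if lo == hi else first + "-" + str(ipaddress.IPv4Address(hi)))
    return ",".join(parts), sum(hi - lo + 1 for lo, hi in new)
```

Comparing the returned address count with the number of IPs you meant to add catches a mistyped range or an over-wide CIDR block before it reaches the subscription.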

Update IPs
/api/2.0/fo/asset/ip/?action=update 
[POST] 


Update IP addresses in the user's subscription. 


Good to Know 


- Host attributes you can update include tracking method (IP, DNS, NETBIOS), owner, user- 
defined fields (ud1, ud2, ud3), and comments. 


- You cannot update an IP to use tracking method EC2 or AGENT. Also, if an IP is already 
tracked by EC2 or AGENT, you cannot change the tracking method to something else. We 
will skip the tracking method update in these cases. 


- You can update multiple IPs/ranges in the same request. The host attribute changes will 
apply to all IPs included in the action. 


- When the Network Support feature is enabled, you can update IPs in a custom network 
or in the Global Default Network. Only one network ID can be specified per update 
request. When a network ID is not specified in the request, we default to a value of 0 for 
Global Default Network. 


Permissions 


Managers have permission to update any IP, in any network. Sub-users (who have 
permission to update IPs) can update IPs for networks in their user scope. A Unit Manager 
can update IPs in asset groups assigned to their business unit. Users with other roles 
(Scanner, Reader, Auditor) do not have permission to update IP addresses. 


Input Parameters 


Parameter Description 

action=update (Required) 

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the 
XML output. By default these are not included. 

ips={value} -or- {POSTed CSV raw data} (Required) The hosts within the subscription you want to
update. IPs must be specified by using the “ips” parameter
(using the POST method) or by uploading CSV raw data
(using the POST method). To upload CSV raw data, specify
--data-binary <data>.

One or more IPs/ranges may be specified. Multiple entries
are comma separated. An IP range is specified with a
hyphen (for example, 10.10.30.1-10.10.30.50). CIDR
notation is supported.

network_id={value} (Optional, and valid only when the Network Support
feature is enabled for the user’s account) Restrict the
request to a certain custom network by specifying the
network ID. When unspecified, we default to “0” for Global
Default Network.

tracking_method={value} (Optional) To change to another tracking method specify IP
for IP address, DNS or NETBIOS.

You cannot change the tracking method to EC2 or AGENT.
If an IP is already tracked by EC2 or AGENT, you cannot
change the tracking method to something else.

host_dns={value} (Optional) The DNS hostname for the IP you want to
update. A single IP must be specified in the same request
and the IP will only be updated if it matches the hostname
specified.

host_netbios={value} (Optional) The NetBIOS hostname for the IP you want to
update. A single IP must be specified in the same request
and the IP will only be updated if it matches the hostname
specified.

owner={value} (Optional) The owner of the host asset(s). The owner must
be a Manager. Another user (Unit Manager, Scanner,
Reader) can be the owner if the IP address is in the user’s
account.

ud1={value}, ud2={value}, ud3={value} (Optional) Values for user-defined fields 1, 2 and 3. You can
specify a maximum of 128 characters (ascii) for each field
value.

comment={value} (Optional) User-defined comments.


Sample - Add IPs and assign tracking method 


API request: 


curl -H "X-Requested-With: demo" -u "USERNAME:PASSWORD" -X "POST"
-d "action=update&ips=10.10.10.200,10.10.23.40&tracking_method=DNS"
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-07T17:27:36Z</DATETIME>
    <TEXT>IPs successfully updated</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>

Sample - Update IP with matching NetBIOS name


IP 10.10.26.167 has multiple entries so we're specifying the NetBIOS hostname in the 
request to identify which entry to update. 


API request: 


curl -H "X-Requested-With: demo" -u "USERNAME:PASSWORD" -X "POST"
-d "action=update&ips=10.10.26.167&host_netbios=ORA10105-WIN-25&comment=mycomment"
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/"


Sample - Update IPs in custom network 


(Applicable when the Network Support feature is enabled.) In this sample, network ID 
2222 is specified in the request. The tracking method will be changed for the specified IPs 
in this network only. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=update&network_id=2222&ips=10.10.10.200,10.10.23.40&tracking_method=DNS"
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/"


Sample - Network ID is not in user’s scope 


(Applicable when the Network Support feature is enabled.) In this sample, the sub-user is 
trying to update an IP address in a network that is not in their scope. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=update&network_id=55555&ips=10.10.10.10&comment=mycomment"
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2020-10-14T17:27:36Z</DATETIME>
    <CODE>1905</CODE>
    <TEXT>parameter network_id has invalid value: 55555 (No such
network ID or not in user scope)</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>

Sample - Duplicate host error


For the request below we're updating IP 10.10.25.224. The duplicate host warning is 
returned because there are 2 asset records for IP 10.10.25.224. 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X POST -d
"action=update&ips=10.10.25.224&tracking_method=IP"
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/"


XML output: 
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DUPLICATE_HOSTS_ERROR_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/duplicate_hosts_error.dtd">
<DUPLICATE_HOSTS_ERROR_OUTPUT>
  <RESPONSE>
    <CODE>1982</CODE>
    <DATETIME>2018-03-16T04:54:15Z</DATETIME>
    <WARNING>
      <TEXT>You cannot change the tracking method for the following
host using the API since there are multiple scan data entries. This
can happen when the host is resolved to different hostnames in
different scan tasks. You'll need to change the tracking method
using the UI. Use the URL to log into your account, edit the host
and select another tracking method. At the prompt click Apply to
save the most recent scan data and purge the other scan
data.</TEXT>
      <DUPLICATE_HOSTS>
        <DUPLICATE_HOST>
          <IP>10.10.25.224</IP>
          <DNS_HOSTNAME>ora10105-win-25-224.qualys.com</DNS_HOSTNAME>
          <NETBIOS_HOSTNAME>ORA10105-WIN-25</NETBIOS_HOSTNAME>
          <LAST_SCANDATE>09/09/2016 at 13:35:29 (GMT)</LAST_SCANDATE>
          <TRACKING>DNS</TRACKING>
        </DUPLICATE_HOST>
      </DUPLICATE_HOSTS>
      <URL><![CDATA[https://qualysguard.qualys.com/fo/tools/ip_assets.php]]></URL>
    </WARNING>
  </RESPONSE>
</DUPLICATE_HOSTS_ERROR_OUTPUT>


DTD for duplicate host error 


<platform API server>/api/2.0/fo/asset/ip/duplicate_hosts_error.dtd
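
The three update outcomes shown in the samples above (success, error code 1905, duplicate host warning 1982) all arrive as well-formed XML, so a script has to inspect the root element and <CODE> before treating an update as applied. The following is an added example, not Qualys code: the function names are hypothetical, the XML is constructed from the samples in this section, and it assumes, as those samples show, that a successful SIMPLE_RETURN carries no <CODE> element.

```python
import xml.etree.ElementTree as ET

# Constructed samples, shortened from the responses shown in this section.
OK_XML = """<SIMPLE_RETURN><RESPONSE>
<DATETIME>2018-04-07T17:27:36Z</DATETIME>
<TEXT>IPs successfully updated</TEXT>
</RESPONSE></SIMPLE_RETURN>"""

SCOPE_ERROR_XML = """<SIMPLE_RETURN><RESPONSE>
<DATETIME>2020-10-14T17:27:36Z</DATETIME>
<CODE>1905</CODE>
<TEXT>parameter network_id has invalid value: 55555 (No such network ID or not in user scope)</TEXT>
</RESPONSE></SIMPLE_RETURN>"""

DUPLICATE_XML = """<DUPLICATE_HOSTS_ERROR_OUTPUT><RESPONSE>
<CODE>1982</CODE>
<DATETIME>2018-03-16T04:54:15Z</DATETIME>
<WARNING>
<TEXT>You cannot change the tracking method for the following host using the API since there are multiple scan data entries.</TEXT>
<DUPLICATE_HOSTS>
<DUPLICATE_HOST>
<IP>10.10.25.224</IP>
<DNS_HOSTNAME>ora10105-win-25-224.qualys.com</DNS_HOSTNAME>
<NETBIOS_HOSTNAME>ORA10105-WIN-25</NETBIOS_HOSTNAME>
<LAST_SCANDATE>09/09/2016 at 13:35:29 (GMT)</LAST_SCANDATE>
<TRACKING>DNS</TRACKING>
</DUPLICATE_HOST>
</DUPLICATE_HOSTS>
<URL><![CDATA[https://qualysguard.qualys.com/fo/tools/ip_assets.php]]></URL>
</WARNING>
</RESPONSE></DUPLICATE_HOSTS_ERROR_OUTPUT>"""


def classify_update_response(xml_text):
    """Return status ("ok", "error", "duplicate_hosts"), code, text and duplicates."""
    root = ET.fromstring(xml_text)
    resp = root.find("RESPONSE")
    if resp is None:
        raise ValueError("no RESPONSE element")
    code_text = (resp.findtext("CODE") or "").strip()
    out = {
        "status": None,
        "code": int(code_text) if code_text else None,
        "text": "",
        "duplicates": [],
    }
    if root.tag == "SIMPLE_RETURN":
        out["text"] = (resp.findtext("TEXT") or "").strip()
        # Assumption from the samples: success has no CODE, failure has one.
        out["status"] = "ok" if out["code"] is None else "error"
    elif root.tag == "DUPLICATE_HOSTS_ERROR_OUTPUT":
        out["status"] = "duplicate_hosts"
        out["text"] = (resp.findtext("WARNING/TEXT") or "").strip()
        for host in resp.iterfind("WARNING/DUPLICATE_HOSTS/DUPLICATE_HOST"):
            out["duplicates"].append(
                {child.tag.lower(): (child.text or "").strip() for child in host}
            )
    else:
        # An unknown document type is never reported as success.
        raise ValueError("unexpected root element: " + root.tag)
    return out


def failed_updates(responses):
    """Given {request label: response XML}, list the labels that did not apply."""
    return sorted(
        label
        for label, xml_text in responses.items()
        if classify_update_response(xml_text)["status"] != "ok"
    )
```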

Host List
/api/2.0/fo/asset/host/?action=list 
[GET] [POST] 


Download a list of scanned hosts in the user’s account. By default, all scanned hosts in the 
user account are included and basic information about each host is provided. Hosts in the 
XML output are sorted by host ID in ascending order. 


The output of the Host List API is paginated. By default, a maximum of 1,000 host records
are returned per request. You can customize the page size (i.e. the number of host records)
by using the parameter “truncation_limit=10000” for instance. In this case the results will
be returned in pages of 10,000 host records.


Permissions - Managers view all scanned hosts in subscription. Auditors view all scanned 
compliance hosts in subscription. Unit Managers view scanned hosts in user’s business 
unit. Scanners and Readers view scanned hosts in user’s account. Please note that this API 
only returns information for hosts that are assigned to each user through asset groups in 
VM/VMDR and PC. 


For Unit Managers, Scanners, and Readers to view compliance hosts, the “Manage 
compliance” permission must be granted in the user’s account. 


Express Lite - This API is available to Express Lite users. 


Input Parameters 


Parameter Description

action=list (Required) A flag used to make a host list request.

echo_request={0|1} (Optional) Specify 1 to view input parameters in the XML
output. When unspecified, parameters are not included in
the XML output.

show_asset_id={0|1}


(Optional) When specified, we show the asset ID of the 
scanned hosts in the output. The default value of this 
parameter is set to 0. When set to 0, we do not show the 
asset id information for the scanned hosts. 


details={Basic|Basic/AGs|All|All/AGs|None}


(Optional) Show the requested amount of host information 
for each host. A valid value is: Basic, Basic/AGs, All, 
All/AGs, or None. 


Basic - (default) Show basic host information. Basic host 
information includes the host ID, IP address, tracking 
method, DNS and NetBIOS hostnames, and operating 
system. 


Basic/AGs - Show basic host information plus asset group 
information. Asset group information includes the asset 
group ID and title. 


All - Show all host information. All host information 
includes the basic host information plus the last 
vulnerability and compliance scan dates. 


All/AGs - Show all host information plus asset group 
information. Asset group information includes the asset 
group ID and title. 


None - Show only the host ID. 


os_pattern={expression} 


(Optional) Show only hosts which have an operating 
system matching a certain regular expression. An empty 
value cannot be specified. Use “%5E%24” to match empty 
string. 


Important: The regular expression string you enter must 
follow the PCRE standard and it must be URL encoded. 


Sample regular expression strings for matching OS names: 
Qualys API - Host List Detection API samples (GitHub, see 
sample 17) 


For information about the Perl Compatible Regular 
Expressions (PCRE) standard visit: 
http://php.net/manual/en/book.pcre.php 


PCRE syntax:
http://php.net/manual/en/reference.pcre.pattern.syntax.php

http://www.php.net/manual/en/reference.pcre.pattern.posix.php


truncation_limit={value}


(Optional) Specify the maximum number of host records 
processed per request. When not specified, the truncation 
limit is set to 1000 host records. You may specify a value 
less than the default (1-999) or greater than the default 
(1001-1000000). 


If the requested list identifies more host records than the 
truncation limit, then the XML output includes the 
<WARNING> element and the URL for making another 
request for the next batch of host records. 


See example: 
Qualys API - Host List API samples (GitHub, sample 3) 


You can specify truncation_limit=0 for no truncation limit. 
This means that the output is not paginated and all the 
records are returned in a single output. WARNING: This 
can generate very large output and processing large XML 
files can consume a lot of resources on the client side. In 
this case it is recommended to use the pagination logic and
parallel processing. The previous page can be processed 
while the next page is downloaded. 


ips={value} 


(Optional) Show only certain IP addresses/ranges. One or
more IPs/ranges may be specified. Multiple entries are
comma separated. An IP range is specified with a hyphen
(for example, 10.10.10.1-10.10.10.100).


ipv6={value} 


(Optional) A valid IPv6 address. Multiple entries are comma
separated. 

If ipv6 is used as filter parameter then other target input 
filter parameters are not accepted. 


ag_ids={value} 


(Optional) Show only hosts belonging to asset groups with 
certain IDs. One or more asset group IDs and/or ranges 
may be specified. Multiple entries are comma separated. A 
range is specified with a dash (for example, 386941- 
386945). Valid asset group IDs are required. 


ag_titles={value} 


(Optional) Show only hosts belonging to asset groups with 
certain strings in the asset group title. One or more asset 
group titles may be specified. Multiple entries are comma 
separated (for example, 
My+First+Asset+Group,Another+Asset+Group). 


ids={value} 


(Optional) Show only certain host IDs/ranges. One or more 
host IDs/ranges may be specified. Multiple entries are 
comma separated. A host ID range is specified with a 
hyphen (for example, 190-400). Valid host IDs are required.


id_min={value} 


(Optional) Show only hosts which have a minimum host ID 
value. A valid host ID is required. 


id_max={value} 


(Optional) Show only hosts which have a maximum host ID 
value. A valid host ID is required. 

network_ids={value}


(Optional, and valid only when the Network Support
feature is enabled for the user’s account) 

Restrict the request to certain custom network IDs. 
Multiple network IDs are comma separated. 


compliance_enabled={0|1} 


(Optional) This parameter is valid only when the policy
compliance module is enabled for the user account. This 
parameter is invalid for an Express Lite user. 


Use this parameter to filter the scanned hosts list to show 
either: 1) a list of scanned compliance hosts, or 2) a list of 
scanned vulnerability management hosts. 


Specify 1 to list scanned compliance hosts in the user’s 
account. These hosts are assigned to the policy compliance 
module. 


Specify 0 to list scanned hosts which are not assigned to 
the policy compliance module. 


A user can specify 0 only when the user has compliance 
management privileges. For a Unit Manager, Scanner or 
Reader, the “Manage compliance” permission must be 
enabled in the user account. If this permission is not 
enabled and the user makes a request with this parameter 
set to 0, the request fails with an error (unknown 
parameter). 


Date Filters 


no_vm_scan_since={date} 


(Optional) Show hosts not scanned since a certain date and
time (optional). The date/time is specified in YYYY-MM- 
DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or 
“2007-01-25T23:12:00Z”. Permissions - An Auditor cannot 
specify this parameter. 


no_compliance_scan_since 
={date} 


(Optional) Show compliance hosts not scanned since a 
certain date and time (optional). This parameter is invalid 
for an Express Lite user. The date/time is specified in 
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like 
“2007-07-01” or “2007-01-25T23:12:00Z”.


Permissions - A sub-account (Unit Manager, Scanner or 
Reader) can specify this parameter only when the user is 
granted permissions to manage compliance information. 


vm_scan_since={date} 


(Optional) Show hosts that were last scanned for
vulnerabilities since a certain date and time (optional). 
Hosts that were the target of a vulnerability scan since the 
date/time will be shown. Date/time is specified in this 
format: YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT). 
Permissions: An Auditor cannot specify this parameter. 

compliance_scan_since=
{date}


(Optional) Show hosts that were last scanned for
compliance since a certain date and time (optional). Hosts 
that were the target of a compliance scan since the 
date/time will be shown. This parameter is invalid for an 
Express Lite user. Date/time is specified in this format: 
YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT). 


Permissions: A sub-account (Unit Manager, Scanner or 
Reader) can specify this parameter only when the user is 
granted permissions to manage compliance information. 


vm_processed_before= 
{date} 


(Optional) Show hosts with vulnerability scan results
processed before a certain date and time. Specify the date
in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like
“2016-09-12” or “2016-09-12T23:15:00Z”.


vm_processed_after={date} 


(Optional) Show hosts with vulnerability scan results 
processed after a certain date and time. Specify the date in 
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like 
“2016-09-12” or “2016-09-12T23:15:00Z”. 


vm_scan_date_before= 
{date} 


(Optional) Show hosts with a vulnerability scan end date 
before a certain date and time. Specify the date in YYYY- 
MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09- 
12” or “2016-09-12T23:15:00Z”.


vm_scan_date_after={date} 


(Optional) Show hosts with a vulnerability scan end date 
after a certain date and time. Specify the date in YYYY- 
MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09- 
12” or “2016-09-12T23:15:00Z”.


vm_auth_scan_date_before 
={date} 


(Optional) Show hosts with a successful authenticated
vulnerability scan end date before a certain date and time.
Specify the date in YYYY-MM-DD[THH:MM:SSZ] format
(UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”.


vm_auth_scan_date_after= 
{date} 


(Optional) Show hosts with a successful authenticated
vulnerability scan end date after a certain date and time.
Specify the date in YYYY-MM-DD[THH:MM:SSZ] format
(UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”.


scap_scan_since={date} 


(Optional) Show hosts that were last scanned for SCAP 
since a certain date and time. Hosts that were the target of 
a SCAP scan since the date/time will be shown. This 
parameter is invalid for an Express Lite user. Valid date 
format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), 
like “2018-07-01” or “2018-01-25T23:12:00Z”.


no_scap_scan_since={date} 


(Optional) Show hosts not scanned for SCAP since a certain 
date and time. This parameter is invalid for an Express Lite 
user. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] 
format (UTC/GMT), like 

“2018-07-01” or “2018-01-25T23:12:00Z”. 

Asset Tags


use_tags={0|1}


(Optional) Specify 0 (the default) if you want to select hosts 
based on IP addresses/ranges and/or asset groups. Specify 
1 if you want to select hosts based on asset tags. 


tag_set_by={id|name}


(Optional when use_tags=1) Specify “id” (the default) to 
select a tag set by providing tag IDs. Specify “name” to 
select a tag set by providing tag names. 


tag_include_selector=
{any|all}


(Optional when use_tags=1) Select “any” (the default) to 

include hosts that match at least one of the selected tags. 
Select “all” to include hosts that match all of the selected 
tags. 


tag_exclude_selector=
{any|all}


(Optional when use_tags=1) Select “any” (the default) to 

exclude hosts that match at least one of the selected tags. 
Select “all” to exclude hosts that match all of the selected 
tags. 


tag_set_include={value} 


(Optional when use_tags=1) Specify a tag set to include.
Hosts that match these tags will be included. You identify 
the tag set by providing tag name or IDs. Multiple entries 
are comma separated. 


tag_set_exclude={value} 


(Optional when use_tags=1) Specify a tag set to exclude.
Hosts that match these tags will be excluded. You identify 
the tag set by providing tag name or IDs. Multiple entries 
are comma separated. 


show_tags={0|1} 


(Optional) Specify 1 to display asset tags associated with
each host in the XML output. 


EC2/Azure/GCP metadata 


host_metadata={value} 


(Optional) Specify “all” to list all cloud assets with their 
metadata or specify the name of the cloud provider to 
show only the assets managed by the cloud provider. Valid 
values: all, ec2, google, azure 


host_metadata_fields= 
{value1,value2} 


(Optional when host_metadata is specified) Specify 
metadata fields to only return data for certain attributes. 


show_cloud_tags={0|1} 


(Optional) Specify 1 to display cloud provider tags for each 
scanned host asset in the output. The default value of the 
parameter is set to 0. When set to 0, we will not show the 
cloud provider tags for the scanned assets. 

Parameter Description

cloud_tag_fields={value1,value2} (Optional when show_cloud_tags is specified) Specify cloud
tags or cloud tag and name combinations to only return
information for specified cloud tags. A cloud tag
name and value combination is specified with a colon (for
example, SomeTag6:AY_ec2). For each cloud tag, we show
the cloud tag’s name, its value, and last success date (the
tag last success date/time, fetched from instance).


If this parameter is not specified and "show_cloud_tags" is 
set to 1, we will show all the cloud provider tags for the 
assets. 


Sample - List assets based on scan end date, scan processed date 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl"
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/?action=list&truncation_limit=10&details=All/AGs&vm_scan_date_before=2017-09-14T06:32:15Z&vm_auth_scan_date_before=2017-09-14T06:32:15Z&vm_scan_date_after=2016-05-12T06:32:15Z&vm_auth_scan_date_after=2016-05-12T06:32:15Z&vm_processed_before=2017-09
scap_scan_since=2018-08-29


XML output: 


<HOST_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-04-26T11:22:56Z</DATETIME>
    <HOST_LIST>
      <HOST>
        <ID>2872568</ID>
        <IP>10.10.25.182</IP>
        <TRACKING_METHOD>IP</TRACKING_METHOD>
        <NETBIOS><![CDATA[COM-REG-SLES102]]></NETBIOS>
        <OS><![CDATA[Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP / Linux 2.6]]></OS>
        <LAST_VULN_SCAN_DATETIME>2017-02-05T19:48:17Z</LAST_VULN_SCAN_DATETIME>
        <LAST_VM_SCANNED_DATE>2017-02-05T19:48:17Z</LAST_VM_SCANNED_DATE>
        <LAST_VM_SCANNED_DURATION>988</LAST_VM_SCANNED_DURATION>
        <LAST_VM_AUTH_SCANNED_DATE>2017-02-05T19:48:17Z</LAST_VM_AUTH_SCANNED_DATE>
        <LAST_VM_AUTH_SCANNED_DURATION>988</LAST_VM_AUTH_SCANNED_DURATION>
        <LAST_COMPLIANCE_SCAN_DATETIME>2016-10-09T16:23:26Z</LAST_COMPLIANCE_SCAN_DATETIME>
        <LAST_SCAP_SCAN_DATETIME>2018-08-29T08:44:54Z</LAST_SCAP_SCAN_DATETIME>
        <OWNER>utwrx_kg</OWNER>
        <COMMENTS><![CDATA[#RFDS#@]]></COMMENTS>
        <USER_DEF>
          <VALUE_1><![CDATA[###$#R]]></VALUE_1>
          <VALUE_2><![CDATA[###RFESF#]]></VALUE_2>
          <VALUE_3><![CDATA[#RFE#]]></VALUE_3>
        </USER_DEF>
        <ASSET_GROUP_IDS>473828,474410,474821,475800,476176,477561,477562,478906,479441,479442,485951,548754,549447,553596,553598,558368,568715,572525,573976,573983,573985,607336,833161,891118,957062,1077977,1311813,1604575,1642904</ASSET_GROUP_IDS>
      </HOST>
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_OUTPUT>


Sample - List scanned assets with certain EC2 metadata 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=list&details=All&host_metadata=ec2&host_metadata_fields=region,accountId,instanceId"
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/"


XML output:


<!DOCTYPE HOST_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/host_list_output.dtd">
<HOST_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-04-15T09:50:46Z</DATETIME>
    <HOST_LIST>
      <HOST>
        <ID>135151</ID>
        <IP>10.97.5.247</IP>
        <TRACKING_METHOD>EC2</TRACKING_METHOD>
        <DNS><![CDATA[i-0bb87c3281243cdfd]]></DNS>
        <EC2_INSTANCE_ID><![CDATA[i-0bb87c3281243cdfd]]></EC2_INSTANCE_ID>
        <OS><![CDATA[Amazon Linux 2016.09]]></OS>
        <METADATA>
          <EC2>
            <ATTRIBUTE>
              <NAME><![CDATA[latest/dynamic/instance-identity/document/region]]></NAME>
              <LAST_STATUS>Success</LAST_STATUS>
              <VALUE><![CDATA[us-east-1]]></VALUE>
              <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
              <LAST_ERROR_DATE></LAST_ERROR_DATE>
              <LAST_ERROR><![CDATA[]]></LAST_ERROR>
            </ATTRIBUTE>
            <ATTRIBUTE>
              <NAME><![CDATA[latest/dynamic/instance-identity/document/accountId]]></NAME>
              <LAST_STATUS>Success</LAST_STATUS>
              <VALUE><![CDATA[205767712438]]></VALUE>
              <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
              <LAST_ERROR_DATE></LAST_ERROR_DATE>
              <LAST_ERROR><![CDATA[]]></LAST_ERROR>
            </ATTRIBUTE>
          </EC2>
        </METADATA>
        <LAST_VULN_SCAN_DATETIME>2017-03-21T13:39:38Z</LAST_VULN_SCAN_DATETIME>
        <LAST_VM_SCANNED_DATE>2017-03-21T13:39:38Z</LAST_VM_SCANNED_DATE>
        <LAST_VM_SCANNED_DURATION>229</LAST_VM_SCANNED_DURATION>
        <LAST_VM_AUTH_SCANNED_DATE>2017-03-21T13:39:38Z</LAST_VM_AUTH_SCANNED_DATE>
        <LAST_VM_AUTH_SCANNED_DURATION>229</LAST_VM_AUTH_SCANNED_DURATION>
        <LAST_COMPLIANCE_SCAN_DATETIME>2017-03-21T13:21:51Z</LAST_COMPLIANCE_SCAN_DATETIME>
      </HOST>
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_OUTPUT>


Sample - Record Limit Exceeded Warning 


In this case 1,000 host records are included in the XML output and the Warning message 
(shown below) indicates the URL you need to use to request the next 1,000 host records. 


<RESPONSE>
  <WARNING>
    <CODE>1980</CODE>
    <TEXT>1000 record limit exceeded. Use URL to get next batch
of results.</TEXT>
    <URL><![CDATA[https://qualysapi.qualys.com/api/2.0/fo/asset/host/?action=list&id_min=2400356]]></URL>
  </WARNING>
</RESPONSE>


DTD 
<platform API server>/api/2.0/fo/asset/host/dtd/list/output.dtd 
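
One way to follow the record limit warning described above, as an added example (not Qualys code): it reads the next-batch URL from a <WARNING> with code 1980 and only follows it when it stays on the same API server and endpoint, since the account credentials are sent with every request. The `fetch` callable and the function names are hypothetical, and the two XML pages are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

API_HOST = "qualysapi.qualys.com"      # platform API server used in the samples
HOST_LIST_PATH = "/api/2.0/fo/asset/host/"
FIRST_URL = "https://qualysapi.qualys.com/api/2.0/fo/asset/host/?action=list"
NEXT_URL = "https://qualysapi.qualys.com/api/2.0/fo/asset/host/?action=list&id_min=2400356"

# Constructed pages: page 1 is truncated and carries the warning, page 2 is the last.
PAGE_1 = """<HOST_LIST_OUTPUT><RESPONSE>
<DATETIME>2018-04-26T11:22:56Z</DATETIME>
<HOST_LIST>
<HOST><ID>2400101</ID><IP>10.10.25.181</IP></HOST>
<HOST><ID>2400355</ID><IP>10.10.25.182</IP></HOST>
</HOST_LIST>
<WARNING>
<CODE>1980</CODE>
<TEXT>1000 record limit exceeded. Use URL to get next batch of results.</TEXT>
<URL><![CDATA[https://qualysapi.qualys.com/api/2.0/fo/asset/host/?action=list&id_min=2400356]]></URL>
</WARNING>
</RESPONSE></HOST_LIST_OUTPUT>"""

PAGE_2 = """<HOST_LIST_OUTPUT><RESPONSE>
<DATETIME>2018-04-26T11:22:58Z</DATETIME>
<HOST_LIST>
<HOST><ID>2400356</ID><IP>10.10.25.183</IP></HOST>
</HOST_LIST>
</RESPONSE></HOST_LIST_OUTPUT>"""


def next_page_url(xml_text):
    """Return the next-batch URL from a code 1980 warning, or None on the last page."""
    warning = ET.fromstring(xml_text).find("./RESPONSE/WARNING")
    if warning is None or (warning.findtext("CODE") or "").strip() != "1980":
        return None
    url = (warning.findtext("URL") or "").strip()
    parts = urlsplit(url)
    # Only follow a URL that stays on the same server, endpoint and action.
    if parts.scheme != "https" or parts.hostname != API_HOST:
        raise ValueError("next-batch URL leaves the API server: %r" % url)
    if parts.path != HOST_LIST_PATH or parse_qs(parts.query).get("action") != ["list"]:
        raise ValueError("unexpected next-batch URL: %r" % url)
    return url


def host_ids(xml_text):
    """Return the host IDs of one page, in document order."""
    root = ET.fromstring(xml_text)
    return [int(h.findtext("ID")) for h in root.iterfind("./RESPONSE/HOST_LIST/HOST")]


def iter_host_ids(fetch, first_url, max_pages=10000):
    """Yield host IDs across all pages; fetch(url) returns the XML text of a page."""
    url = first_url
    seen = set()
    for _ in range(max_pages):
        if url in seen:
            raise RuntimeError("pagination loop at %r" % url)
        seen.add(url)
        page = fetch(url)
        yield from host_ids(page)
        url = next_page_url(page)
        if url is None:
            return
    raise RuntimeError("page limit reached before the last page")
```

Because each page is parsed before the next one is requested, memory use stays bounded by the truncation limit instead of the size of the whole host list.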

Host Update


/api/2.0/fo/asset/host/?action=update
[POST]


Here you can filter host assets based on input parameters and then you can update host
attributes using new update parameters (new_tracking_method, new_owner, new_ud1,
new_ud2, new_ud3, and new_comment).


Good to Know 


- With host update API, you can update host attributes like tracking method (IP, DNS, 
NETBIOS), owner, user defined fields (ud1, ud2, ud3), and comments. 


- You cannot update an IP to use tracking method EC2 or AGENT. Also, if an IP is already 
tracked by EC2 or AGENT, you cannot change the tracking method to something else. We 
will skip the tracking method update in these cases. 


Identify the hosts you want to update 


As part of the update request you'll need to tell us which hosts you want to update. You 
can do this in a number of ways. You can simply specify the host IDs, or you can specify IP 
addresses, asset group IDs or asset group titles. When specifying IP addresses or asset 
groups, there are additional optional input parameters available. 


Specify hosts using one of these combinations of input parameters: 
- ids (required) only 


- ips (required) with any of these optional parameters: host_dns, host_netbios, network_id, 
network_name, tracking_method 


- ag_ids (required) with or without tracking_method
- ag_titles (required) with or without tracking_method


These input parameters are described in more detail below. 


Identify the changes you want to make 


Use new input parameters to tell us the host attributes you want to change. New input 
parameters include new_tracking_method, new_owner, new_ud1, new_ud2, new_ud3, and
new_comment. The new values you specify will overwrite the existing values, and your 
changes will apply to all hosts included in the API request. 


Input Parameters 
Use these input parameters when updating hosts. 


Parameter Description

General

action=update (Required)

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.


ids={value}


Show only certain host IDs/ranges. One or more host
IDs/ranges may be specified. Multiple entries are comma
separated. A host ID range is specified with a hyphen (for
example, 190-400). Valid host IDs are required.


ips={value} -or-
{POSTed CSV raw data}


The hosts within the subscription you want to update. IPs
must be specified by using the “ips” parameter (using the
POST method) or by uploading CSV raw data (using the
POST method). To upload CSV raw data, specify
--data-binary <data>.


One or more IPs/ranges may be specified. Multiple entries
are comma separated. An IP range is specified with a
hyphen (for example, 10.10.30.1-10.10.30.50). CIDR
notation is supported.


network_id={value}


(Valid only when the Network Support feature is enabled
for the user’s account) Restrict the request to a certain
custom network by specifying the network ID. When
unspecified, we default to “0” for Global Default Network.


network_name={value}


(Valid only when the Network Support feature is enabled
for the user’s account) Restrict the request to a certain
custom network by specifying the network name.


tracking_method={value}


Show only IP addresses/ranges which have a certain
tracking method.


host_dns={value}


The DNS hostname for the IP you want to update. A single
IP must be specified in the same request and the IP will
only be updated if it matches the hostname specified.


host_netbios={value}


The NetBIOS hostname for the IP you want to update. A
single IP must be specified in the same request and the IP
will only be updated if it matches the hostname specified.


Host Changes


new_tracking_method={value}


(Optional) Change the tracking method. Specify IP for IP
address, DNS or NETBIOS. Note - You cannot change the
tracking method to EC2 or AGENT. If an IP is already
tracked by EC2 or AGENT, you cannot change the tracking
method to something else.


new_owner={value}


(Optional) Change the owner of the host asset(s). The
owner must be a Manager. Another user (Unit Manager,
Scanner, Reader) can be the owner if the IP address is in the
user's account.


new_ud1={value}
new_ud2={value}
new_ud3={value}


(Optional) Change values for user-defined fields 1, 2 and 3.
You can specify a maximum of 128 characters (ascii) for
each field value.


new_comment={value}


(Optional) Change the user-defined comments. Specify new
comments for the host asset(s).


Sample - Update Host Attributes with Host IDs 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" \
  -X "POST" -d \
  "action=update&ids=2332017&new_tracking_method=DNS&new_ud1=Loc&new_ud2=Fun&new_ud3=AT&new_comment=API Comment&new_owner=akreb_nb" \
  "https://qualysapi.qualys.com/api/2.0/fo/asset/host/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/dtd/update/output.dtd">
<HOST_UPDATE_OUTPUT>
<RESPONSE>
<DATETIME>2021-03-09T10:38:17Z</DATETIME>
<TEXT>Assets successfully updated</TEXT>
</RESPONSE>
</HOST_UPDATE_OUTPUT>


Sample - Update Host Attributes with IPs 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" \
  -X "POST" -d \
  "action=update&ips=10.10.32.31&new_tracking_method=DNS&new_ud1=Loc&new_ud2=Fun&new_ud3=AT&new_comment=API Comment&new_owner=akreb_nb" \
  "https://qualysapi.qualys.com/api/2.0/fo/asset/host/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/dtd/update/output.dtd">
<HOST_UPDATE_OUTPUT>
<RESPONSE>
<DATETIME>2021-03-09T06:03:42Z</DATETIME>
<TEXT>Assets successfully updated</TEXT>
</RESPONSE>
</HOST_UPDATE_OUTPUT>


Sample - Update Host Attributes with Asset Group IDs 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" \
  -X "POST" -d \
  "action=update&ag_ids=4580719&new_tracking_method=IP&new_ud1=Loc&new_ud2=Fun&new_ud3=AT&new_comment=API Comment&new_owner=akreb_nb" \
  "https://qualysapi.qualys.com/api/2.0/fo/asset/host/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/dtd/update/output.dtd">
<HOST_UPDATE_OUTPUT>
<RESPONSE>
<DATETIME>2021-03-09T10:39:11Z</DATETIME>
<TEXT>Assets successfully updated</TEXT>
</RESPONSE>
</HOST_UPDATE_OUTPUT>


Sample - Update Host Attributes with Asset Group Titles 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" \
  -X "POST" -d \
  "action=update&ag_titles=AG Update&new_tracking_method=IP&new_ud1=Loc&new_ud2=Fun&new_ud3=AT&new_comment=API Comment&new_owner=akreb_nb" \
  "https://qualysapi.qualys.com/api/2.0/fo/asset/host/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/dtd/update/output.dtd">
<HOST_UPDATE_OUTPUT>
<RESPONSE>
<DATETIME>2021-03-09T10:39:43Z</DATETIME>
<TEXT>Assets successfully updated</TEXT>
</RESPONSE>
</HOST_UPDATE_OUTPUT>


DTD for Host Update 
<platform API server>/api/2.0/fo/asset/host/dtd/update/output.dtd 
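

A pre-flight check for host update requests, added here as an example (not Qualys code): it enforces the selector combinations and Host Changes limits described above before anything is sent, because the new values overwrite existing ones on every host the request selects. The function name and the rule that at least one new_* parameter must be present are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlencode

# Optional parameters the guide allows next to each host selector.
SELECTORS = {
    "ids": set(),
    "ips": {"host_dns", "host_netbios", "network_id", "network_name",
            "tracking_method"},
    "ag_ids": {"tracking_method"},
    "ag_titles": {"tracking_method"},
}
CHANGES = ("new_tracking_method", "new_owner", "new_ud1", "new_ud2",
           "new_ud3", "new_comment")
SETTABLE_TRACKING = {"IP", "DNS", "NETBIOS"}  # EC2 and AGENT cannot be set


def build_update_body(**params):
    """Validate host update parameters and return the URL-encoded POST body."""
    chosen = [name for name in SELECTORS if name in params]
    if len(chosen) != 1:
        raise ValueError("specify exactly one of ids, ips, ag_ids, ag_titles")
    selector = chosen[0]

    allowed = {selector, "echo_request", *SELECTORS[selector], *CHANGES}
    unexpected = sorted(set(params) - allowed)
    if unexpected:
        raise ValueError("not valid with %s: %s"
                         % (selector, ", ".join(unexpected)))

    # Assumption of this example: a request that changes nothing is a mistake.
    if not any(name in params for name in CHANGES):
        raise ValueError("no new_* parameter given")

    # host_dns / host_netbios only make sense against one IP, not a range.
    if "host_dns" in params or "host_netbios" in params:
        try:
            ipaddress.ip_address(params["ips"])
        except ValueError:
            raise ValueError(
                "host_dns/host_netbios require a single IP in ips") from None

    method = params.get("new_tracking_method")
    if method is not None and method not in SETTABLE_TRACKING:
        raise ValueError("new_tracking_method must be IP, DNS or NETBIOS")

    for name in ("new_ud1", "new_ud2", "new_ud3"):
        value = params.get(name, "")
        if len(value) > 128 or not value.isascii():
            raise ValueError("%s is limited to 128 ASCII characters" % name)

    # urlencode also escapes spaces and '&' inside values such as new_comment.
    return urlencode({"action": "update", **params})


if __name__ == "__main__":
    print(build_update_body(ids="2332017", new_tracking_method="DNS",
                            new_comment="API Comment"))
```

The returned string can be passed to curl with -d; unlike the raw samples, a comment containing a space or an ampersand cannot spill into another parameter.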


Host List Detection 
/api/2.0/fo/asset/host/vm/detection/ 
[GET] [POST] 


Download a list of hosts with the hosts' latest vulnerability data, based on the host-based
scan data available in the user’s account. This data brings a lot of value to customers
because it provides the latest complete vulnerability status for the hosts (NEW, ACTIVE,
FIXED, REOPENED) and history information.


Permissions - Managers view all VM scanned hosts in subscription. Auditors have no 
permission to view VM scanned hosts. Unit Managers view VM scanned hosts in the user’s 
assigned business unit. Scanners and Readers view VM scanned hosts in the user’s 
account. Please note that this API only returns information for hosts that are assigned to 
each user through asset groups in VM/VMDR. 


Express Lite - This API is available to Express Lite users. 


Input Parameters 


The input parameter action=list is required. All other input parameters are optional. 
Several filtering parameters are provided for filtering hosts and QIDs. When multiple filter 
parameters are specified, the service combines the effects of all the parameters in a way 
that corresponds to a logical “AND”. So if two filter parameters are specified in the 
request, the service returns hosts that match both filters. 


Quick Links: Detection Filters | Host Filters | QID Filters | Asset tags | EC2/Azure/GCP 
metadata 


API Request 

Parameter Description 

action=list (Required) 

echo_request={0|1} (Optional) Specify 1 to view input parameters in the XML 
output. When unspecified, parameters are not included in 
the XML output. 

show_asset_id={0|1} (Optional) When specified, we show the asset ID of the
scanned hosts in the output. The default value of this
parameter is set to 0. When set to 0, we do not show the
asset id information for the scanned hosts.


Detection Filters


Parameter Description


action=list


(Required)


echo_request={0|1}


(Optional) Show (echo) the request's input parameters
(names and values) in the output. When unspecified,
parameters are not included in the output. Specify 1 to
view parameters in the output.


show_results={0|1} 


(Optional) When not specified, results are included in the 
output. Specify show_results=0 to exclude the results. 

If you exclude the results, CSV will have an empty Results 
column, and XML will not contain the Results tag. 


show_reopened_info={0|1} 


(Optional) When not specified, reopened info for reopened 
vulnerabilities is not included in the output. Specify 
show_reopened_info=1 to include reopened info i.e. 
first/last reopened date, times reopened. 


arf_kernel_filter={0|1|2|3|4}


(Optional) Identify vulnerabilities found on running or non-
running Linux kernels.


Good to Know - It's possible that multiple kernels are
detected on a single Linux host. You'll notice the scan
results report the running kernel on each Linux host in Info
Gathered QID 45097.


When unspecified, vulnerabilities are not filtered based on
kernel activity. <AFFECT_RUNNING_KERNEL> does not
appear in the output.


When set to 0, vulnerabilities are not filtered based on
kernel activity. <AFFECT_RUNNING_KERNEL> appears in
the output for kernel related vulnerabilities.


When set to 1, exclude kernel related vulnerabilities that
are not exploitable (found on non-running kernels).
<AFFECT_RUNNING_KERNEL> appears in the output for
kernel related vulnerabilities.


When set to 2, only include kernel related vulnerabilities
that are not exploitable (found on non-running kernels).
<AFFECT_RUNNING_KERNEL> appears in the output with
a value of 0 for each detection.


When set to 3, only include kernel related vulnerabilities
that are exploitable (found on running kernels).
<AFFECT_RUNNING_KERNEL> appears in the output with
a value of 1 for each detection.


When set to 4, only include kernel related vulnerabilities.
<AFFECT_RUNNING_KERNEL> appears in the output with
a value of 0 or 1 for each detection.


Note that active_kernels_only is deprecated and will be
removed in a future release. Please use arf_kernel_filter
instead.


arf_service_filter={0|1|2|3|4}


(Optional) Identify vulnerabilities found on running or non-
running ports/services.


When unspecified, vulnerabilities are not filtered based on
running ports/services. <AFFECT_RUNNING_SERVICE>
does not appear in the output.


When set to 0, vulnerabilities are not filtered based on
running ports/services. <AFFECT_RUNNING_SERVICE>
appears in the output for service related vulnerabilities.


When set to 1, exclude service related vulnerabilities that
are exploitable (found on running ports/services).
<AFFECT_RUNNING_SERVICE> appears in the output for
service related vulnerabilities that have a value of 1.


When set to 2, only include service related vulnerabilities
that are exploitable (found on running ports/services).
<AFFECT_RUNNING_SERVICE> appears in the output with
a value of 0 for each detection.


When set to 3, only include service related vulnerabilities
that are not exploitable (found on non-running
ports/services). <AFFECT_RUNNING_SERVICE> appears in
the output with a value of 1 for each detection.


When set to 4, only include service related vulnerabilities.
<AFFECT_RUNNING_SERVICE> appears in the output with
a value of 0 or 1 for each detection.


arf_config_filter={0|1|2|3|4}


(Optional) Identify vulnerabilities that may or may not be
exploitable due to the current host configuration.


When unspecified, vulnerabilities are not filtered based on
host configuration. <AFFECT_EXPLOITABLE_CONFIG> does
not appear in the output.


When set to 0, vulnerabilities are not filtered based on host
configuration. <AFFECT_EXPLOITABLE_CONFIG> appears
in the output for config related vulnerabilities.


When set to 1, exclude vulnerabilities that are exploitable
due to host configuration.
<AFFECT_EXPLOITABLE_CONFIG> appears in the output
for config related detections that have a value of 1.


When set to 2, only include config related vulnerabilities
that are exploitable. <AFFECT_EXPLOITABLE_CONFIG>
appears in the output with a value of 0 for each detection.


When set to 3, only include config related vulnerabilities
that are not exploitable. <AFFECT_EXPLOITABLE_CONFIG>
appears in the output with a value of 1 for each detection.


When set to 4, only include config related vulnerabilities.
<AFFECT_EXPLOITABLE_CONFIG> appears in the output
with a value of 0 or 1 for each detection.


active_kernels_only={0|1|2|3}


(Optional) Identify vulnerabilities related to running and
non-running kernels in the output in the tag
<AFFECT_RUNNING_KERNEL>.


Good to Know - It’s possible that multiple kernels are 
detected on a single Linux host. You’ll notice the scan 
results report the running kernel on each Linux host in 
Information Gathered QID 45097. 


When unspecified, vulnerabilities are not filtered based on 
kernel activity. <AFFECT_RUNNING_KERNEL> does not 
appear in the output for kernel related vulnerabilities. 


When set to 0, vulnerabilities are not filtered based on 
kernel activity. <AFFECT_RUNNING_KERNEL> appears in 
the output for kernel related vulnerabilities. 


When set to 1, exclude vulnerabilities found on non- 
running Linux kernels. <AFFECT_RUNNING_KERNEL> 
appears in the output for kernel related vulnerabilities. 


When set to 2, only include vulnerabilities found on non- 
running Linux kernels. <AFFECT_RUNNING_KERNEL> 
appears in the output with a value of 0 for all
vulnerabilities.


When set to 3, only include vulnerabilities found on
running Linux kernels. <AFFECT_RUNNING_KERNEL>
appears in the output with a value of 1 for all
vulnerabilities.


Note that active_kernels_only is deprecated and will be 
removed in a future release. Please use arf_kernel_filter 
instead. 


output_format={XML|CSV|CSV_NO_METADATA|CSV_NO_METADATA_MS_EXCEL|CSV_MS_EXCEL}


(Optional) Specifies the format of the host detection list
output. When not specified, the output format is XML.
Valid values are: XML, CSV or CSV_NO_METADATA,
CSV_NO_METADATA_MS_EXCEL or CSV_MS_EXCEL


XML (default) - Specifies XML format for the output.


CSV - Specifies CSV format for the output. The output is
structured in these sections: HEADER_CSV (lists input
parameters specified during the list request if
echo_request=1 is also specified), BODY_CSV (lists host
records matching filters) and FOOTER_CSV (lists status
messages and truncation details, if applicable).


CSV_NO_METADATA - Specifies CSV format for the output
with no metadata. In this case, the output will not be
structured with header, body and footer sections, and will
not indicate whether the list is truncated.


CSV_NO_METADATA_MS_EXCEL - When specified we will
use CSV format for the output with no metadata with MS
Excel restrictions on the maximum length allowed for a
string value in the output.


CSV_MS_EXCEL - When specified we will use CSV format
for the output with MS Excel restriction on the maximum
length allowed for a string value in the output. A value in
the output will be truncated if the length of the value
exceeds the maximum length supported in MS Excel.


suppress_duplicated_data_from_csv={0|1}


(Optional) By default or when set to 0, host details will be
repeated in each line of detection information in the CSV
output. When set to 1, host details will not be repeated
(suppressed) in each detection line.


This parameter must be specified with:
output_format=CSV or
output_format=CSV_NO_METADATA.


truncation_limit={value} (Optional) Specifies the maximum number of host records
processed per request. When not specified, the truncation 
limit is set to 1000 host records. You may specify a value 
less than the default (1-999) or greater than the default 
(1001-1000000). Specify 0 for no truncation limit. 


If the requested list identifies more host records than the 
truncation limit and output_format=XML, then the XML 
output includes the <WARNING> element and the URL for 
making another request for the next batch of host records. 


If the requested list identifies more host records than the 
truncation limit and output_format=CSV, then the CSV 
output includes “Truncated” in the FOOTER_CSV section 
and the URL for making another request for the next batch 
of host records. 


Check API samples (2, 4, 16) 
Qualys API - Host List Detection API samples (GitHub) 


max_days_since_detection_updated={value} 


(Optional) Show only detections whose detection status 
changed since some maximum number of days you 
specify. For detections that have never changed the 
maximum number of days is applied to the last detection 
date. 


One of these parameters may be specified in the same 
request: detection_updated_since, 
max_days_since_detection_updated 


detection_updated_since={value}


(Optional) Show only detections whose detection status
changed after a certain date and time. For detections that
have never changed the date is applied to the last detection
date. Valid date format is: YYYY-MM-DD[THH:MM:SSZ]
format (UTC/GMT), like “2017-02-15” or
“2017-02-15T23:15:00Z”.


Tip: You can use this parameter in conjunction with the 
detection_updated_before parameter to limit the 
detections shown to a specific date range. 


One of these parameters may be specified in the same 
request: detection_updated_since, 
max_days_since_detection_updated 


detection_updated_before={value}


(Optional) Show only detections whose detection status
changed before a certain date and time. Valid date format
is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like
“2017-02-15” or “2017-02-15T23:15:00Z”.


Tip: You can use this parameter in conjunction with the
detection_updated_since parameter to limit the detections
shown to a specific date range.


One of these parameters may be specified in the same 
request: detection_updated_since, 
max_days_since_detection_updated 


detection_processed_before={date}


(Optional) Show detections with vulnerability scan results
processed before a certain date and time. Specify the date
in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like
“2016-09-12” or “2016-09-12T23:15:00Z”.


detection_processed_after={date}


(Optional) Show detections with vulnerability scan results
processed after a certain date and time. Specify the date in
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like
“2016-09-12” or “2016-09-12T23:15:00Z”.


detection_last_tested_since={date}


(Optional) Show only detections that were last tested on or
after a certain date and time. Valid date format is:
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like
“2018-07-01” or “2018-01-25T23:12:00Z”.


You can use this parameter in conjunction with 
detection_last_tested_before or 
detection_last_tested_before_days to limit the detections 
shown to a date range. 


This parameter cannot be specified in the same request as 
detection_last_tested_since_days. 


detection_last_tested_since_days={value}


(Optional) Show only detections that were last tested 
within the number of days you specify. For example, show 
detections last tested in the past 10 days. 


You can use this parameter in conjunction with 
detection_last_tested_before or 
detection_last_tested_before_days to limit the detections 
shown to a specific date range. 


This parameter cannot be specified in the same request as
detection_last_tested_since.


detection_last_tested_before={date}


(Optional) Show only detections that were last tested
before a certain date and time. Valid date format is:
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like
“2018-07-01” or “2018-01-25T23:12:00Z”.


You can use this parameter in conjunction with 
detection_last_tested_since or 
detection_last_tested_since_days to limit the detections 
shown to a specific date range. 


This parameter cannot be specified in the same request as 
detection_last_tested_before_days. 


detection_last_tested_before_days={value} 


(Optional) Show only detections that were last tested 
before the number of days you specify. For example, show 
detections last tested more than 30 days ago. 


You can use this parameter in conjunction with 
detection_last_tested_since or 
detection_last_tested_since_days to limit the detections 
shown to a specific date range. 


This parameter cannot be specified in the same request as
detection_last_tested_before.


include_ignored={0|1} 


(Optional) Use this parameter to include or exclude the 
QIDs that were ignored during detection. Specify 
include_ignored=1 to include results in the output. 


include_disabled={0|1} 


(Optional) Use this parameter to include or exclude the 
QIDs that were disabled during detection. Specify 
include_disabled=1 to include results in the output. 
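

The truncation behaviour described for truncation_limit above, and the "Record Limit Exceeded Warning" sample for the host list, both hand the client a URL to call for the next batch. The following is an added example (not Qualys code) of a batch loop that checks that URL before credentials are sent to it; the <ID> child of <HOST>, the function names and the injected fetch callable are assumptions, and the XML is constructed sample data.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

API_HOST = "qualysapi.qualys.com"     # API server used in the guide's samples
API_PATH = "/api/2.0/fo/asset/host/"  # prefix shared by the host list endpoints


def parse_batch(xml_text):
    """Return (host_ids, next_url); next_url is None if nothing was truncated."""
    root = ET.fromstring(xml_text)
    # Assumption: each <HOST> carries its host ID in an <ID> child element.
    ids = [int(h.findtext("ID"))
           for h in root.iterfind("RESPONSE/HOST_LIST/HOST")]
    raw = root.findtext("RESPONSE/WARNING/URL")
    if raw is None:
        return ids, None
    return ids, "".join(raw.split())  # tolerate line wrapping inside the URL


def check_next_url(url, last_id_min):
    """Validate a next-batch URL before the API credentials are sent to it."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != API_HOST:
        raise ValueError("next-batch URL leaves the API server: %r" % url)
    if not parts.path.startswith(API_PATH):
        raise ValueError("unexpected endpoint in next-batch URL: %r" % url)
    id_min = parse_qs(parts.query).get("id_min", [""])[0]
    if not id_min.isdigit() or int(id_min) <= last_id_min:
        raise ValueError("id_min missing or not advancing: %r" % url)
    return int(id_min)


def fetch_all(fetch, first_url, max_batches=1000):
    """Follow <WARNING><URL> links until a batch arrives without a warning.

    fetch(url) must return the XML text; in production it wraps the
    authenticated HTTPS request, here it is injected so the example runs offline.
    """
    ids, url, last_id_min = [], first_url, -1
    for _ in range(max_batches):
        batch, next_url = parse_batch(fetch(url))
        ids.extend(batch)
        if next_url is None:
            return ids
        last_id_min = check_next_url(next_url, last_id_min)
        url = next_url
    raise RuntimeError("gave up after %d batches" % max_batches)


# Constructed sample responses: two batches of a three-host list.
FIRST_URL = "https://qualysapi.qualys.com/api/2.0/fo/asset/host/?action=list"
NEXT_URL = ("https://qualysapi.qualys.com/api/2.0/fo/asset/host/"
            "?action=list&id_min=2400356")
CONSTRUCTED = {
    FIRST_URL: """<HOST_LIST_OUTPUT><RESPONSE>
<HOST_LIST><HOST><ID>2400350</ID></HOST><HOST><ID>2400351</ID></HOST></HOST_LIST>
<WARNING><CODE>1980</CODE><TEXT>record limit exceeded (constructed)</TEXT>
<URL><![CDATA[https://qualysapi.qualys.com/api/2.0/fo/asset/host/?
action=list&id_min=2400356]]></URL></WARNING>
</RESPONSE></HOST_LIST_OUTPUT>""",
    NEXT_URL: """<HOST_LIST_OUTPUT><RESPONSE>
<HOST_LIST><HOST><ID>2400356</ID></HOST></HOST_LIST>
</RESPONSE></HOST_LIST_OUTPUT>""",
}

if __name__ == "__main__":
    print(fetch_all(CONSTRUCTED.__getitem__, FIRST_URL))
```

A client that ignores the <WARNING> element silently reports on only the first batch of hosts, so the loop treats a missing warning as the only normal way to finish.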


Host Filters 


Parameter 


Description 


ids={value} 


(Optional) Show only certain host IDs/ranges. One or more 
host IDs/ranges may be specified. Multiple entries are 
comma separated. A host ID range is specified with a 
hyphen (for example: 190-400).Valid host IDs are required. 


id_min={value} 


(Optional) Show only hosts which have a minimum host
ID value.


id_max={value} 


(Optional) Show only hosts which have a maximum host 
ID value. A valid host ID is required. 


ips={value}


(Optional) Show only certain IP addresses/ranges. One or
more IPs/ranges may be specified. Multiple entries are
comma separated. An IP range is specified with a hyphen
(for example: 10.10.10.1-10.10.10.100).


ipv6={value}


(Optional) A valid IPv6 address. Multiple entries are comma
separated.
If ipv6 is used as filter parameter then other target input
filter parameters are not accepted.


ag_ids={value} 


(Optional) Show only hosts belonging to asset groups with
certain IDs. One or more asset group IDs and/or ranges 
may be specified. Multiple entries are comma separated. A 
range is specified with a dash (for example: 386941- 
386945). Valid asset group IDs are required. 


The ag_ids and ag_titles parameters are mutually exclusive 
and cannot be specified together in the same request. 


ag_titles={value} 


(Optional) Show only hosts belonging to asset groups with 
certain strings in the asset group title. One or more asset 
group titles may be specified. Multiple entries are comma 
separated (for example, 
My+First+Asset+Group,Another+Asset+Group). 


The ag_ids and ag_titles parameters are mutually exclusive 
and cannot be specified together in the same request. 


network_ids={value} 


(Optional, and valid only when the Network Support 
feature is enabled for the user’s account) 

Restrict the request to certain custom network IDs. 
Multiple network IDs are comma separated. 


vm_scan_since={date} 


(Optional) Show hosts scanned and processed since a 
certain date and time (optional). The date/time is specified 
in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like 
“2007-07-01” or “2007-01-25T23:12:00Z”.


This parameter cannot be specified with 
max_days_since_vm_scan in the same request. 


no_vm_scan_since={date} 


(Optional) Show hosts not scanned and processed since a 
certain date and time (optional). The date/time is specified 
in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like 
“2007-07-01” or “2007-01-25T23:12:00Z”.


This parameter cannot be specified with 
max_days_since_vm_scan in the same request. 


max_days_since_last_vm_scan={value} 


(Optional) Show only hosts scanned and processed in the 
past number of days, where the value is a number of days. 


This parameter cannot be specified with any of these 
parameters in the same request: vm_scan_since and 
no_vm_scan_since. 


vm_processed_before={date}


(Optional) Show hosts with vulnerability scan results 
processed before a certain date and time. Specify the date 
in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like 
“2016-09-12” or “2016-09-12T23:15:00Z”. 


vm_processed_after={date} 


(Optional) Show hosts with vulnerability scan results 
processed after a certain date and time. Specify the date in 
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like 
“2016-09-12” or “2016-09-12T23:15:00Z”.


vm_scan_date_before={date}


(Optional) Show hosts with a vulnerability scan end date 
before a certain date and time. Specify the date in YYYY- 
MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09- 
12” or “2016-09-12T23:15:00Z”. 


vm_scan_date_after={date} 


(Optional) Show hosts with a vulnerability scan end date 
after a certain date and time. Specify the date in YYYY- 
MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09- 
12” or “2016-09-12T23:15:00Z”. 


vm_auth_scan_date_before={date}


(Optional) Show hosts with a successful authenticated
vulnerability scan end date before a certain date and time.
Specify the date in YYYY-MM-DD[THH:MM:SSZ] format
(UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”.


vm_auth_scan_date_after={date}


(Optional) Show hosts with a successful authenticated
vulnerability scan end date after a certain date and time.
Specify the date in YYYY-MM-DD[THH:MM:SSZ] format
(UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”.


status={value} 


(Optional) Show only hosts with one or more of these 
status values: New, Active, Re-Opened, Fixed. Multiple 
status values are entered as a comma-separated list. 


If this parameter is not passed to the API, by default, the 
output contains detections with New, Active or Re-Opened 
<STATUS> only. 


To get hosts with Fixed status, check this API sample 
Qualys API - Host List Detection API samples (GitHub, 
sample 11) 


compliance_enabled={0|1} 


(Optional) This parameter is valid only when the policy 
compliance module is enabled for the user account. This 
parameter is invalid for an Express Lite user. 


Specify 1 to list compliance hosts in the user’s account that 
have been scanned and processed. These hosts are 
assigned to the policy compliance module. Specify 0 to list 
scanned hosts which are not assigned to the policy 
compliance module. 


os_pattern={expression}


(Optional) Show only hosts which have an operating 
system matching a certain regular expression. An empty 
value cannot be specified. Use “%5E%24” to match empty 
string. 


Important: The regular expression string you enter must 
follow the PCRE standard and it must be URL encoded. 


Sample regular expression strings for matching OS names: 
Qualys API - Host List Detection API samples (GitHub, see 
sample 17) 


For information about the Perl Compatible Regular 
Expressions (PCRE) standard visit: 
http://php.net/manual/en/book.pcre.php 


For the PCRE syntax, see:
http://php.net/manual/en/reference.pcre.pattern.syntax.php


http://www.php.net/manual/en/reference.pcre.pattern.posix.php


QID Filters 


Parameter 


Description 


qids={value} 


(Optional) Show only detection records with certain QIDs. 
One or more QIDs may be specified. A range is specified 
with a dash (for example: 68518-68522). Multiple entries 
are comma separated. Valid QIDs are required. 


severities={value} 


(Optional) Show only detection records which have certain 
severities. One or more levels may be specified. A range is 
specified with a dash (for example: 1-3). Multiple entries 
are comma separated. 


filter_superseded_qids={0|1} 


(Optional) When unspecified or set to 0, the XML output 
includes all QIDs even if they’ve been superseded. Specify 1 
to filter out QIDs that have been superseded by another 
QID in the results. 


show_igs={0|1} 


(Optional except as noted) Specify 1 to show detection
records with information gathered along with confirmed
vulnerabilities and potential vulnerabilities. Specify 0
(default) to hide information gathered.


The show_igs parameter is required in one use case. The 
parameter show_igs=1 must be specified if both these 
conditions are met: 1) search lists are included using the 
parameter include_search_list_titles or 
include_search_list_ids, and 2) if the included search lists 
contain only information gathered. 


include_search_list_titles={value}


(Optional) Show detection records only when a record’s
QID is INCLUDED in one or more of the specified search
list titles. One or more titles may be specified. Multiple
titles are comma separated.


This parameter cannot be specified with any of these
parameters in the same request: qids, severities or
include_search_list_ids.


exclude_search_list_titles={value}


(Optional) Show detection records only when a record's
QID is EXCLUDED from one or more of the specified
search list titles. One or more titles may be specified.
Multiple titles are comma separated.


This parameter cannot be specified with any of these
parameters in the same request: qids, severities or
exclude_search_list_ids.


include_search_list_ids={value,value...}


(Optional) Show detection records only when a record’s
QID IS INCLUDED in one or more of the specified search list
titles. One or more IDs may be specified. A range is
specified with a dash (for example: 10-15). Multiple entries
are comma separated.


This parameter cannot be specified with any of these
parameters in the same request: qids, severities or
include_search_list_titles.


exclude_search_list_ids={value,value...}


(Optional) Show detection records only when a record’s
QID IS EXCLUDED from one or more of the specified search
list titles. One or more IDs may be specified. A range is
specified with a dash (for example: 40-42). Multiple entries
are comma separated.


This parameter cannot be specified with any of these
parameters in the same request: qids, severities or
exclude_search_list_titles.
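

The Detection, Host and QID filter tables above state several "cannot be specified in the same request" rules, a fixed date format and a URL-encoding requirement for os_pattern. This added example (not Qualys code) checks a Host List Detection request against those rules and returns the encoded query string; the function names are assumptions of the example, and only rules stated in the tables are encoded.

```python
import re
from datetime import datetime
from urllib.parse import quote, urlencode

# Pairs the guide says cannot be specified in the same request.
CONFLICTS = [
    ("ag_ids", "ag_titles"),
    ("detection_updated_since", "max_days_since_detection_updated"),
    ("detection_last_tested_since", "detection_last_tested_since_days"),
    ("detection_last_tested_before", "detection_last_tested_before_days"),
    ("vm_scan_since", "max_days_since_last_vm_scan"),
    ("no_vm_scan_since", "max_days_since_last_vm_scan"),
]
# Each search list filter excludes qids, severities and its ids/titles twin.
for kind in ("include", "exclude"):
    titles, ids = kind + "_search_list_titles", kind + "_search_list_ids"
    CONFLICTS.append((titles, ids))
    CONFLICTS += [(s, q) for s in (titles, ids) for q in ("qids", "severities")]

DATE_PARAMS = {
    "detection_updated_since", "detection_updated_before",
    "detection_processed_before", "detection_processed_after",
    "detection_last_tested_since", "detection_last_tested_before",
    "vm_scan_since", "no_vm_scan_since",
    "vm_processed_before", "vm_processed_after",
    "vm_scan_date_before", "vm_scan_date_after",
    "vm_auth_scan_date_before", "vm_auth_scan_date_after",
}
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}Z)?")


def is_api_date(value):
    """True for YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ naming a real date/time."""
    if not DATE_RE.fullmatch(value):
        return False
    fmt = "%Y-%m-%dT%H:%M:%SZ" if "T" in value else "%Y-%m-%d"
    try:
        datetime.strptime(value, fmt)
    except ValueError:
        return False
    return True


def build_detection_query(**params):
    """Validate detection list filters and return the encoded query string."""
    for first, second in CONFLICTS:
        if first in params and second in params:
            raise ValueError("%s cannot be combined with %s" % (first, second))
    if ("suppress_duplicated_data_from_csv" in params
            and params.get("output_format") not in ("CSV", "CSV_NO_METADATA")):
        raise ValueError("suppress_duplicated_data_from_csv needs "
                         "output_format=CSV or CSV_NO_METADATA")
    for name in sorted(DATE_PARAMS & params.keys()):
        if not is_api_date(params[name]):
            raise ValueError("%s is not YYYY-MM-DD[THH:MM:SSZ]: %r"
                             % (name, params[name]))
    if params.get("os_pattern") == "":
        raise ValueError('os_pattern cannot be empty; use "^$" instead')
    # quote_via=quote percent-encodes every reserved character, so a PCRE
    # such as ^$ is sent as %5E%24, the form the guide asks for.
    return urlencode({"action": "list", **params}, quote_via=quote)


if __name__ == "__main__":
    print(build_detection_query(os_pattern="^$", status="New,Active"))
```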


Asset tags


Parameter Description


use_tags={0|1}


(Optional) Specify 0 (the default) if you want to select hosts
based on IP addresses/ranges and/or asset groups. Specify
1 if you want to select hosts based on asset tags.


tag_set_by={id|name}


(Optional when use_tags=1) Specify “id” (the default) to
select a tag set by providing tag IDs. Specify “name” to
select a tag set by providing tag names.


tag_include_selector={any|all}


(Optional when use_tags=1) Select “any” (the default) to
include hosts that match at least one of the selected tags.
Select “all” to include hosts that match all of the selected
tags.


tag_exclude_selector={any|all}


(Optional when use_tags=1) Select “any” (the default) to
exclude hosts that match at least one of the selected tags.
Select “all” to exclude hosts that match all of the selected
tags.


tag_set_include={value}


(Optional when use_tags=1) Specify a tag set to include.
Hosts that match these tags will be included. You identify
the tag set by providing tag name or IDs. Multiple entries
are comma separated.


tag_set_exclude={value}


(Optional when use_tags=1) Specify a tag set to exclude.
Hosts that match these tags will be excluded. You identify
the tag set by providing tag name or IDs. Multiple entries
are comma separated.


show_tags={0|1}


(Optional) Specify 1 to display asset tags associated with
each host in the XML output.


EC2/Azure/GCP metadata

Parameter Description

host_metadata={value} (Optional) Specify “all” to list all cloud assets with their
metadata or specify the name of the cloud provider to show only the assets managed by the
cloud provider.
Valid values: all, ec2, google, azure

host_metadata_fields={value1,value2} (Optional when host_metadata is specified) Specify
metadata fields to only return data for certain attributes.

show_cloud_tags={0|1} (Optional) Specify 1 to display cloud provider tags for each
scanned host asset in the output. The default value of the parameter is set to 0. When set
to 0, we will not show the cloud provider tags for the scanned assets.

cloud_tag_fields={value1,value2} (Optional when show_cloud_tags is specified) Specify
cloud tags or cloud tag and name combinations to only return information for specified
cloud tags. A cloud tag name and value combination is specified with a colon
(for example:SomeTag6:AY_ec2). For each cloud tag, we show the cloud tag’s name, its value,
and last success date (the tag last success date/time, fetched from instance).
If this parameter is not specified and "show_cloud_tags" is set to 1, we will show all the
cloud provider tags for the assets.


Keep Alive Mechanism 


The service uses a “keep alive” mechanism to maintain an open connection to the Qualys 
server for the duration of the host detection list API request. To keep the connection alive, 
the service sends some “dummy” data back to the client every 30 to 40 seconds if no “real” 
data has been sent already by the API during that time. 


In XML output, this “dummy” data appears as a “<!-- keep-alive -->” line (since comments 
should be safely ignored by downstream XML parsers). 


In CSV and CSV_NO_METADATA output, this “dummy” data appears as a <CR><LF> 
(carriage return, linefeed) pair (since empty lines clearly do not contain any CSV data). 


Sample - List VM scanned hosts 
API request: 


curl -u "username:password" -H "X-Requested-With: curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list"


XML output:
<HOST_LIST_VM_DETECTION_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-04-26T11:25:58Z</DATETIME>
    <HOST_LIST>
      <HOST>
        <ID>6506432</ID>
        <IP>10.10.10.11</IP>
        <TRACKING_METHOD>IP</TRACKING_METHOD>
        <OS><![CDATA[Windows 2008 R2 Enterprise Service Pack 1]]></OS>
        <DNS><![CDATA[2k8r2-u-10-11.sample.qualys.com]]></DNS>
        <DNS_DATA>
          <HOSTNAME><![CDATA[2k8r2-u-10-11]]></HOSTNAME>
          <DOMAIN><![CDATA[sample.qualys.com]]></DOMAIN>
          <FQDN><![CDATA[2k8r2-u-10-11.sample.qualys.com]]></FQDN>
        </DNS_DATA>
        <NETBIOS><![CDATA[2K8R2-U-10-11]]></NETBIOS>
        <LAST_SCAN_DATETIME>2018-04-13T03:49:05Z</LAST_SCAN_DATETIME>
        <LAST_VM_SCANNED_DATE>2018-04-13T03:48:50Z</LAST_VM_SCANNED_DATE>
        <LAST_VM_SCANNED_DURATION>352</LAST_VM_SCANNED_DURATION>
        <DETECTION_LIST>
          <DETECTION>
            <QID>38170</QID>
            <TYPE>Confirmed</TYPE>
            <SEVERITY>2</SEVERITY>
            <PORT>3389</PORT>
            <PROTOCOL>tcp</PROTOCOL>
            <SSL>1</SSL>
            <RESULTS><![CDATA[Certificate #0 CN=2k8r2-u-10-11
(2k8r2-u-10-11) doesn&apos;t resolve]]></RESULTS>
            <STATUS>Active</STATUS>
            <FIRST_FOUND_DATETIME>2018-01-26T04:45:50Z</FIRST_FOUND_DATETIME>
            <LAST_FOUND_DATETIME>2018-04-13T03:48:50Z</LAST_FOUND_DATETIME>
            <TIMES_FOUND>111</TIMES_FOUND>
            <LAST_TEST_DATETIME>2018-04-13T03:48:50Z</LAST_TEST_DATETIME>
            <LAST_UPDATE_DATETIME>2018-04-13T03:49:05Z</LAST_UPDATE_DATETIME>
            <IS_IGNORED>0</IS_IGNORED>
            <IS_DISABLED>0</IS_DISABLED>
            <LAST_PROCESSED_DATETIME>2018-04-13T03:49:05Z</LAST_PROCESSED_DATETIME>
          </DETECTION>
          <DETECTION>
            <QID>38173</QID>
            <TYPE>Confirmed</TYPE>
            <SEVERITY>2</SEVERITY>
            <PORT>3389</PORT>
            <PROTOCOL>tcp</PROTOCOL>
            <SSL>1</SSL>
            <RESULTS><![CDATA[Certificate #0 CN=2k8r2-u-10-11
unable to get local issuer certificate]]></RESULTS>
            <STATUS>Active</STATUS>
            <FIRST_FOUND_DATETIME>2018-01-26T04:45:50Z</FIRST_FOUND_DATETIME>
            <LAST_FOUND_DATETIME>2018-04-13T03:48:50Z</LAST_FOUND_DATETIME>
            <TIMES_FOUND>111</TIMES_FOUND>
            <LAST_TEST_DATETIME>2018-04-13T03:48:50Z</LAST_TEST_DATETIME>
            <LAST_UPDATE_DATETIME>2018-04-13T03:49:05Z</LAST_UPDATE_DATETIME>
            <IS_IGNORED>0</IS_IGNORED>
            <IS_DISABLED>0</IS_DISABLED>
            <LAST_PROCESSED_DATETIME>2018-04-13T03:49:05Z</LAST_PROCESSED_DATETIME>
          </DETECTION>
          <DETECTION>
            <QID>38601</QID>
            <TYPE>Confirmed</TYPE>
            <SEVERITY>2</SEVERITY>
            <PORT>3389</PORT>
            <PROTOCOL>tcp</PROTOCOL>
            <SSL>1</SSL>
            <RESULTS><![CDATA[CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE
TLSv1 WITH RC4 CIPHERS IS SUPPORTED
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM]]></RESULTS>
            <STATUS>Active</STATUS>
            <FIRST_FOUND_DATETIME>2018-01-26T04:45:50Z</FIRST_FOUND_DATETIME>
            <LAST_FOUND_DATETIME>2018-04-13T03:48:50Z</LAST_FOUND_DATETIME>
            <TIMES_FOUND>111</TIMES_FOUND>
            <LAST_TEST_DATETIME>2018-04-13T03:48:50Z</LAST_TEST_DATETIME>
            <LAST_UPDATE_DATETIME>2018-04-13T03:49:05Z</LAST_UPDATE_DATETIME>
            <IS_IGNORED>0</IS_IGNORED>
            <IS_DISABLED>0</IS_DISABLED>
            <LAST_PROCESSED_DATETIME>2018-04-13T03:49:05Z</LAST_PROCESSED_DATETIME>
          </DETECTION>
        </DETECTION_LIST>
      </HOST>
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_VM_DETECTION_OUTPUT>


Sample - Host Detection XML Output, with truncation 


A truncated response is returned when the API request returns more host records than the 
truncation limit. In this sample, the truncation limit is set to 100 host records. 


API request: 


curl -u "username:password" -H "X-Requested-With: curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list&truncation_limit=100"


The Warning message in the XML output (shown below) indicates the URL you need to use 
to request the next 100 host records. 
XML output:

        </DETECTION>
      </DETECTION_LIST>
    </HOST>
  </HOST_LIST>
  <WARNING>
    <CODE>1980</CODE>
    <TEXT>100 record limit exceeded. Use URL to get next batch of results.</TEXT>
    <URL><![CDATA[https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list&truncation_limit=100&id_min=5641289]]></URL>
  </WARNING>
</RESPONSE>
</HOST_LIST_VM_DETECTION_OUTPUT>
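
A client-side loop for the truncation warning and keep-alive comments described above, as an added example (not Qualys code). The response pages are constructed, `fetch` stands in for the authenticated HTTP call, and `build_page`, `parse_page`, `check_next_url` and `fetch_all` are hypothetical names. Because each request carries the account's credentials, the next-batch URL is followed only when it stays on the same server and endpoint.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

API_HOST = "qualysapi.qualys.com"   # API server used in this page's samples
API_PATH = "/api/2.0/fo/asset/host/vm/detection/"
FIRST_URL = f"https://{API_HOST}{API_PATH}?action=list&truncation_limit=1"
NEXT_URL = FIRST_URL + "&id_min=5641289"


def build_page(host_id, ip, qids, next_url=None):
    """Constructed response page in the shape of the XML samples above."""
    detections = "\n<!-- keep-alive -->\n".join(
        f"<DETECTION><QID>{qid}</QID><SEVERITY>2</SEVERITY>"
        "<STATUS>Active</STATUS></DETECTION>" for qid in qids)
    warning = ""
    if next_url:
        warning = ("<WARNING><CODE>1980</CODE>"
                   "<TEXT>1 record limit exceeded. Use URL to get next batch of "
                   f"results.</TEXT><URL><![CDATA[{next_url}]]></URL></WARNING>")
    return ("<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE><HOST_LIST><HOST>"
            f"<ID>{host_id}</ID><IP>{ip}</IP>"
            f"<DETECTION_LIST>{detections}</DETECTION_LIST>"
            f"</HOST></HOST_LIST>{warning}</RESPONSE>"
            "</HOST_LIST_VM_DETECTION_OUTPUT>")


# Constructed two-page result set: the first page is truncated, the second is not.
SAMPLE_PAGES = {
    FIRST_URL: build_page(5641200, "10.10.10.11", [38170, 38173], NEXT_URL),
    NEXT_URL: build_page(5641289, "10.10.10.12", [38601]),
}


def parse_page(xml_text):
    """Return (detection rows, next-batch URL or None) for one response."""
    # The default parser drops comments, so keep-alive lines never reach the data.
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("HOST"):
        host_id, ip = int(host.findtext("ID")), host.findtext("IP")
        for det in host.iter("DETECTION"):
            rows.append((host_id, ip, int(det.findtext("QID")),
                         int(det.findtext("SEVERITY")), det.findtext("STATUS")))
    warning = root.find("RESPONSE/WARNING")
    if warning is None or warning.findtext("CODE") != "1980":
        return rows, None
    next_url = (warning.findtext("URL") or "").strip()
    if not next_url:
        raise ValueError("truncation warning without a next-batch URL")
    return rows, next_url


def check_next_url(url, expected_host=API_HOST):
    """Only follow a next-batch URL on the same HTTPS server and endpoint."""
    parts = urlsplit(url)
    if (parts.scheme != "https" or parts.hostname != expected_host
            or parts.username is not None or parts.path != API_PATH):
        raise ValueError(f"refusing to follow next-batch URL: {url!r}")
    return url


def fetch_all(first_url, fetch, max_pages=1000):
    """Collect rows from every batch; fetch(url) returns the response body."""
    rows, url, seen = [], first_url, set()
    while url:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("pagination loop or page limit reached")
        seen.add(url)
        page_rows, next_url = parse_page(fetch(url))
        rows.extend(page_rows)
        url = check_next_url(next_url) if next_url else None
    return rows


if __name__ == "__main__":
    for row in fetch_all(FIRST_URL, SAMPLE_PAGES.__getitem__):
        print(row)
```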


Sample - Filter superseded QIDs (filter_superseded_qids=1) 


In this example any QID superseded by another QID has been filtered out of the results. 
The XML output includes QID 370584 and QID 370613. QID 370610 was filtered out 
because it was superseded by QID 370613. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list&filter_superseded_qids=1"


XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_VM_DETECTION_OUTPUT SYSTEM
"http://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/dtd/output.dtd">
<HOST_LIST_VM_DETECTION_OUTPUT>
  <RESPONSE>
    <DATETIME>2020-06-03T10:22:34Z</DATETIME>
    <HOST_LIST>
      <HOST>
        <ID>1145</ID>
        <IP>10.10.10.9</IP>
        <TRACKING_METHOD>IP</TRACKING_METHOD>
        <OS><![CDATA[Windows 2003 Service Pack 2]]></OS>
        <DNS><![CDATA[win2003.sample.qualys.com]]></DNS>
        <DNS_DATA>
          <HOSTNAME><![CDATA[win2003]]></HOSTNAME>
          <DOMAIN><![CDATA[sample.qualys.com]]></DOMAIN>
          <FQDN><![CDATA[win2003.sample.qualys.com]]></FQDN>
        </DNS_DATA>
        <NETBIOS><![CDATA[WIN2003HP1]]></NETBIOS>
        <LAST_SCAN_DATETIME>2018-01-08T19:50:18Z</LAST_SCAN_DATETIME>
        <LAST_VM_SCANNED_DATE>2018-01-08T19:36:29Z</LAST_VM_SCANNED_DATE>
        <LAST_VM_SCANNED_DURATION>619</LAST_VM_SCANNED_DURATION>
        <LAST_PC_SCANNED_DATE>2017-11-15T16:58:16Z</LAST_PC_SCANNED_DATE>
        <DETECTION_LIST>
          <DETECTION>
            <QID>370584</QID>
            <TYPE>Confirmed</TYPE>
            <SEVERITY>5</SEVERITY>
            <SSL>0</SSL>
            <RESULTS><![CDATA[C:\Program Files\Mozilla Firefox\firefox.exe Version is
42.0.0.0]]></RESULTS>
            <STATUS>Active</STATUS>
            <FIRST_FOUND_DATETIME>2017-10-10T10:30:48Z</FIRST_FOUND_DATETIME>
            <LAST_FOUND_DATETIME>2020-04-27T23:04:10Z</LAST_FOUND_DATETIME>
            <TIMES_FOUND></TIMES_FOUND>
            <LAST_TEST_DATETIME>2020-04-27T23:04:10Z</LAST_TEST_DATETIME>
            <LAST_UPDATE_DATETIME>2020-04-27T23:05:41Z</LAST_UPDATE_DATETIME>
            <LAST_FIXED_DATETIME>2019-08-27T22:48:04Z</LAST_FIXED_DATETIME>
            <IS_IGNORED>0</IS_IGNORED>
            <IS_DISABLED>0</IS_DISABLED>
            <LAST_PROCESSED_DATETIME>2020-04-27T23:05:41Z</LAST_PROCESSED_DATETIME>
          </DETECTION>
          <DETECTION>
            <QID>370613</QID>
            <TYPE>Confirmed</TYPE>
            <SEVERITY>5</SEVERITY>
            <SSL>0</SSL>
            <RESULTS><![CDATA[C:\Program Files\Google\Chrome\Application\33.0.1750.149\chrome.dll file
version is 33.0.1750.149
%ProgramFiles%\Google\Chrome\Application\33.0.1750.149\chrome.dll file
version is 33.0.1750.149]]></RESULTS>
            <STATUS>Active</STATUS>
            <FIRST_FOUND_DATETIME>2017-11-12T20:11:32Z</FIRST_FOUND_DATETIME>
            <LAST_FOUND_DATETIME>2020-04-27T23:04:10Z</LAST_FOUND_DATETIME>
            <TIMES_FOUND>162</TIMES_FOUND>
            <LAST_TEST_DATETIME>2020-04-27T23:04:10Z</LAST_TEST_DATETIME>
            <LAST_UPDATE_DATETIME>2020-04-27T23:05:41Z</LAST_UPDATE_DATETIME>
            <LAST_FIXED_DATETIME>2019-10-30T22:28:59Z</LAST_FIXED_DATETIME>
            <IS_IGNORED>0</IS_IGNORED>
            <IS_DISABLED>0</IS_DISABLED>
            <LAST_PROCESSED_DATETIME>2020-04-27T23:05:41Z</LAST_PROCESSED_DATETIME>
          </DETECTION>
        </DETECTION_LIST>
      </HOST>
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_VM_DETECTION_OUTPUT>


More Samples 
Qualys API - Host List Detection API samples (GitHub) 


DTD 
<platform API server>/api/2.0/fo/asset/host/vm/detection/dtd/output.dtd 


Host List Detection - Normalized Data 


Qualys normalizes the vulnerability scan results into the database using a complex and
sophisticated process. This mechanism generates what is called the vulnerability “host
based” scan results. Normalized data brings a lot of value to customers because it
provides the latest complete vulnerability status for the hosts (NEW, ACTIVE, FIXED,
REOPENED) and history information. Normalized data is completely independent of scan
results and option profiles, as shown in the diagram below.


[Diagram: Scan 1 through Scan n, each with an option profile (Option Profile 1 through n)
and a result (Result 1 through n); Manual Data World; Auto Data World; Filters (type,
status, state etc.)]

The Qualys database stores automatic data for VM scanned hosts. For each of these hosts 
there can be multiple detection records. 
What is a VM Scanned Host? A VM scanned host is a host that has been successfully
scanned by the Qualys VM service for vulnerabilities. Note that a host is considered 
successfully scanned when it was included as a scan target, the scan was launched and it 
completed successfully. 


What is a Detection Record? A detection record is a unique instance of a discovered 
vulnerability for a given host. It identifies the host IP address, QID, port, service, FQDN and 
SSL flag (whether the vulnerability was detected over SSL). 


Host List Detection - Use Cases 


The host detection API is often used in conjunction with other information that can be 
downloaded using other Qualys APIs. 


Create Custom Technical Reports with vulnerability details 


Technical reports need additional information for each vulnerability such as the 
description, solution, threat or impact. The detection API provides the QID for each 
vulnerability found for an asset. The QID is a unique ID that references a vulnerability 
within the Qualys KnowledgeBase. 


Use the following workflow to create custom technical reports: 


Step 1 - Use the host list detection API to return “host based” vulnerability data for hosts in 
your account. 


Step 2 - Use the KnowledgeBase API (/api/2.0/fo/knowledge_base/vuln/?action=list) to
obtain vulnerability data, such as the vulnerability description, threat and impact. It’s
possible to make a request for all vulnerabilities (QIDs) in the KnowledgeBase or just a
specific vulnerability.


For example, to make a request for QID 90082 use the following URL: 


https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/?action=list&ids=90082


where “qualysapi.qualys.com” is the name of the API server where your account is located 
(in this case US Platform 1). 


Step 3 - Correlate the vulnerability information in the third party application using the 
QID number provided in the <QID> XML output which is returned by the host detection 
API (Step 1) and the KnowledgeBase API (Step 2). 


A typical integration would be to create tables in a database for the XML output from both 
Qualys API functions and use QID as a key for a join. This way it would be possible to 
create queries that will provide all the vulnerabilities for a given set of hosts (according to 
custom search criteria) and their descriptions. 
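
The join described in Step 3, as an added example (not Qualys code). Both XML documents are constructed; the KnowledgeBase element names (VULN, TITLE, DIAGNOSIS, CONSEQUENCE, SOLUTION) and the table and function names are assumptions, since this page does not show KnowledgeBase output. A LEFT JOIN keeps detections whose QID is missing from the local KnowledgeBase copy visible instead of silently dropping them from the report.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed host detection output (Step 1), same shape as the samples on this page.
DETECTION_XML = """<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE><HOST_LIST>
<HOST><ID>1145</ID><IP>10.10.10.9</IP><DETECTION_LIST>
<DETECTION><QID>90082</QID><TYPE>Confirmed</TYPE><SEVERITY>4</SEVERITY>
<PORT>445</PORT><PROTOCOL>tcp</PROTOCOL><SSL>0</SSL><STATUS>Active</STATUS></DETECTION>
<DETECTION><QID>370584</QID><TYPE>Confirmed</TYPE><SEVERITY>5</SEVERITY>
<SSL>0</SSL><STATUS>Active</STATUS></DETECTION>
</DETECTION_LIST></HOST>
<HOST><ID>6506432</ID><IP>10.10.10.11</IP><DETECTION_LIST>
<DETECTION><QID>90082</QID><TYPE>Confirmed</TYPE><SEVERITY>4</SEVERITY>
<PORT>445</PORT><PROTOCOL>tcp</PROTOCOL><SSL>0</SSL><STATUS>Fixed</STATUS></DETECTION>
</DETECTION_LIST></HOST>
</HOST_LIST></RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT>"""

# Constructed KnowledgeBase output (Step 2); element names are an assumption.
KB_XML = """<KNOWLEDGE_BASE_VULN_LIST_OUTPUT><RESPONSE><VULN_LIST>
<VULN><QID>90082</QID><TITLE><![CDATA[Constructed title for QID 90082]]></TITLE>
<DIAGNOSIS><![CDATA[Constructed threat text]]></DIAGNOSIS>
<CONSEQUENCE><![CDATA[Constructed impact text]]></CONSEQUENCE>
<SOLUTION><![CDATA[Constructed solution text]]></SOLUTION></VULN>
</VULN_LIST></RESPONSE></KNOWLEDGE_BASE_VULN_LIST_OUTPUT>"""


def load(conn, detection_xml, kb_xml):
    """Create one table per API output and fill them from the XML."""
    conn.executescript("""
        CREATE TABLE detection (host_id INTEGER, ip TEXT, qid INTEGER, port INTEGER,
                                protocol TEXT, ssl INTEGER, severity INTEGER, status TEXT);
        CREATE TABLE kb (qid INTEGER PRIMARY KEY, title TEXT, threat TEXT,
                         impact TEXT, solution TEXT);
    """)
    for host in ET.fromstring(detection_xml).iter("HOST"):
        for det in host.iter("DETECTION"):
            conn.execute(
                "INSERT INTO detection VALUES (?,?,?,?,?,?,?,?)",
                (int(host.findtext("ID")), host.findtext("IP"),
                 int(det.findtext("QID")), det.findtext("PORT"),
                 det.findtext("PROTOCOL"), int(det.findtext("SSL")),
                 int(det.findtext("SEVERITY")), det.findtext("STATUS")))
    for vuln in ET.fromstring(kb_xml).iter("VULN"):
        conn.execute(
            "INSERT INTO kb VALUES (?,?,?,?,?)",
            (int(vuln.findtext("QID")), vuln.findtext("TITLE"),
             vuln.findtext("DIAGNOSIS"), vuln.findtext("CONSEQUENCE"),
             vuln.findtext("SOLUTION")))
    conn.commit()


def build_db():
    """In-memory database loaded with the constructed samples."""
    conn = sqlite3.connect(":memory:")
    load(conn, DETECTION_XML, KB_XML)
    return conn


def report(conn, ips, min_severity=1):
    """Open detections for the given hosts, joined to KnowledgeBase details by QID."""
    marks = ",".join("?" * len(ips))
    sql = f"""SELECT d.ip, d.qid, d.severity, d.status, k.title, k.solution
              FROM detection d LEFT JOIN kb k ON k.qid = d.qid
              WHERE d.ip IN ({marks}) AND d.severity >= ? AND d.status != 'Fixed'
              ORDER BY d.severity DESC, d.ip, d.qid"""
    return conn.execute(sql, (*ips, min_severity)).fetchall()


def missing_kb(conn):
    """QIDs seen in detections that the local KnowledgeBase copy lacks."""
    sql = """SELECT DISTINCT d.qid FROM detection d
             LEFT JOIN kb k ON k.qid = d.qid WHERE k.qid IS NULL ORDER BY d.qid"""
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = build_db()
    for line in report(db, ["10.10.10.9", "10.10.10.11"]):
        print(line)
    print("QIDs to re-download from the KnowledgeBase:", missing_kb(db))
```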
Get All PCI Vulnerabilities


Step 1 - First you need to create a dynamic search list titled “PCI Vulns” using the Qualys 
user interface. When creating the dynamic search list, select the PCI option next to 
Compliance Type as shown below. 


[Screenshot: Compliance Details, Compliance Type options with PCI selected]


Step 2 - Create an asset group titled “PCI Hosts” containing the hosts which are in scope 
for PCI compliance. 


Step 3 - Make the following host list detection API request using the asset group title “PCI 
Hosts” and the search list title “PCI Vulns”: 


https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list&ag_titles=PCI+Hosts&include_search_list_titles=PCI+Vulns


where “qualysapi.qualys.com” is the name of the API server where your account is located 
(in this case US Platform 1). 


Host List Detection - Best Practices 


Some background 


When API calls pull large sets of data, the backend processes the data by streaming it
in batches to ensure data integrity and to prevent overloading the backend services. That
means there will be brief periods where speed declines while the next batch is being
retrieved and processed to stream back to the client. However, the overall speed averages
itself out in the long run.


You also need to keep in mind the contributing factors that could impact performance on
a shared resource. For example, data pulls performed during peak usage will hit congestion,
and speeds will not be as fast as those conducted during off-peak hours. Optional
parameters that do extra processing before the data is streamed are an additional factor,
active_kernels_only being an example.


Multi-Threading 


We have been innovating, and will continue to innovate and re-architect, the capabilities
for processing large amounts of encrypted data for streaming through the API to scale to
our customers' needs. While providing customers with all of their vulnerability
information as quickly as possible is a primary focal point, it should be done in a way
that keeps data integrity at the forefront of every release. This takes time, effort, and
dedicated resources to ensure full testing is done to account for all aspects. With that in
mind, automation, threading, and parallelism are techniques that can assist with
increasing the performance of data pulls.


While fetching host information in an automated fashion, you can make use of
multi-threading to collect data in batch sizes for optimum performance.


Maximum benefit is seen when the batch size is set evenly across the number of
parallel threads used. For example, a host detection call resulting in a return of 100k
assets, and using 10 threads in parallel, would benefit the most by using a batch size of
(100,000 / 10) = 10,000. To reduce the chance of one thread slowing down the entire
process by hitting a congested server, you can break this out further into batches of
5,000 hosts, resulting in 20 output files.


Looking for help? Check our examples here 


Qualys API - Host List Detection API samples - Multithreading (GitHub) 
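
The batch arithmetic above, as an added example (not Qualys code and not the GitHub sample). It assumes the host IDs have already been collected, that each batch is requested as an id_min/id_max range (id_min appears in the truncation URL earlier in this section; id_max is assumed here), and it uses a constructed `fetch_batch` in place of the HTTP call; all function names are hypothetical. A batch that fails, for instance on a congested server, is retried without holding up the others.

```python
import threading
from concurrent.futures import ThreadPoolExecutor, as_completed

HOST_IDS = range(1, 300_001, 3)   # constructed: 100,000 non-contiguous host IDs


def plan_batches(host_ids, batch_size):
    """Split host IDs into (id_min, id_max) ranges of at most batch_size hosts."""
    ids = sorted(set(host_ids))
    return [(ids[i], ids[min(i + batch_size, len(ids)) - 1])
            for i in range(0, len(ids), batch_size)]


def pull(batches, fetch_batch, threads, retries=1):
    """Run fetch_batch(id_min, id_max) for every batch on a fixed thread pool.

    Returns (results keyed by range, ranges that still failed after retries).
    """
    done, pending = {}, list(batches)
    for _attempt in range(retries + 1):
        failed = []
        with ThreadPoolExecutor(max_workers=threads) as pool:
            futures = {pool.submit(fetch_batch, lo, hi): (lo, hi)
                       for lo, hi in pending}
            for future in as_completed(futures):
                try:
                    done[futures[future]] = future.result()
                except Exception:
                    failed.append(futures[future])
        pending = failed
        if not pending:
            break
    return done, pending


def make_fake_fetch(flaky_range):
    """Constructed stand-in for the API call; times out once for one range."""
    state, lock = {"failed_once": False}, threading.Lock()

    def fetch_batch(id_min, id_max):
        with lock:
            if (id_min, id_max) == flaky_range and not state["failed_once"]:
                state["failed_once"] = True
                raise TimeoutError("constructed timeout")
        # A real client would write this batch's response to its own output file.
        return sum(1 for host_id in HOST_IDS if id_min <= host_id <= id_max)

    return fetch_batch


if __name__ == "__main__":
    batches = plan_batches(HOST_IDS, 5_000)
    results, still_failed = pull(batches, make_fake_fetch(batches[3]), threads=10)
    print(len(batches), "batches,", sum(results.values()), "hosts,",
          len(still_failed), "failed")
```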


Excluded Host List 
/api/2.0/fo/asset/excluded_ip/?action=list 
[GET] [POST]


Show the excluded host list for the user's account. Hosts in your excluded host list will not 
be scanned. 


Permissions - Managers, Auditors view all excluded hosts in subscription. Unit Managers 
view excluded hosts in their own business unit. Scanners, Readers view excluded hosts in 
their account. 


Express Lite - This API is available to Express Lite users. 


Input Parameters 


Parameter Description

action=list (Required)

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the XML
output. By default these are not included.

ips={value} (Optional) Show only certain excluded IP addresses/ranges. When unspecified,
all excluded IPs/ranges in your account will be listed. One or more IPs/ranges may be
specified. Multiple entries are comma separated. An IP range is specified with a hyphen
(for example, 10.10.24.1-10.10.24.20).

network_id={value} (Optional and valid only when the Network Support feature is enabled
for the user’s account) Restrict the request to a certain custom network ID. You might
need to use this parameter to get the excluded host list you're interested in. See User
Scenarios to know more about the behavior of this parameter.

Asset Groups

ag_ids={value} (Optional and valid only when the Network Support feature is enabled for
the user’s account) Restrict the request to a certain custom network ID. You might need to
use this parameter to get the excluded host list you're interested in.

ag_titles={value} (Optional) Show excluded hosts belonging to asset groups with certain
strings in the asset group title. One or more asset group titles may be specified.
Multiple entries are comma separated (for example,
My+First+Asset+Group,Another+Asset+Group).

These parameters are mutually exclusive and cannot be specified together: ag_ids and
ag_titles.

Asset Tags

use_tags={0|1} (Optional) Specify 0 (the default) if you want to select hosts based on
IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on
asset tags.

tag_include_selector={any|all} (Optional when use_tags=1) Specify "any" (the default) to
include excluded hosts that match at least one of the selected tags. Specify "all" to
include excluded hosts that match all of the selected tags.

tag_exclude_selector={any|all} (Optional when use_tags=1) Specify "any" (the default) to
ignore excluded hosts that match at least one of the selected tags. Specify "all" to
ignore excluded hosts that match all of the selected tags.

tag_set_by={id|name} (Optional when use_tags=1) Specify “id” (the default) to select a
tag set by providing tag IDs. Specify “name” to select a tag set by providing tag names.

tag_set_include={value} (Optional when use_tags=1) Specify a tag set to include.
Excluded hosts that match these tags will be included. You identify the tag set by
providing tag name or IDs. Multiple entries are comma separated.

tag_set_exclude={value} (Optional when use_tags=1) Specify a tag set to exclude.
Excluded hosts that match these tags will be ignored. You identify the tag set by
providing tag name or IDs. Multiple entries are comma separated.
User Scenarios


Let us consider different user scenarios to know more about the behavior of the
network_id parameter:

User     Networks with access      network_id   What does output include?
                                   mandatory?
User 1   Global Default Network,   No           Excluded host list from all the networks the
         Network 1, Network 2                   user has access to.
User 2   Global Default Network    No           Excluded host list for global default network.
User 3   Network 1                 Yes          Excluded host list for Network 1.
User 4   Network 1, Network 2,     Yes          Excluded host list for network that is listed in
         Network 3                              the request. Multiple entries are comma
                                                separated (for example,
                                                Network+1,Network+2,Network+3).


Sample - List all excluded hosts
API request:


curl -u user:password -H "X-Requested-With: curl demo 2" -D headers.15 \
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/?action=list"

XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE IP_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/ip_list_output.dtd">
<IP_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-01-23T00:33:24Z</DATETIME>
    <IP_SET>
      <IP_RANGE network_id="0" expiration_date="2015-04-28T00:00:00Z">10.100.100.101-10.100.100.255</IP_RANGE>
      <IP network_id="14665885">10.10.10.1</IP>
      <IP network_id="0">10.100.100.100</IP>
    </IP_SET>
  </RESPONSE>
</IP_LIST_OUTPUT>
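
Because hosts on the excluded list are not scanned, the list is worth reviewing as scan-coverage gaps. The following added example (not Qualys code) parses the sample output above and flags entries with no expiration, an expiration already in the past relative to the response time, or a large range; `audit_exclusions` and the `max_addresses` threshold are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# The "List all excluded hosts" sample output from this page (DOCTYPE omitted).
EXCLUDED_XML = """<IP_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-01-23T00:33:24Z</DATETIME>
<IP_SET>
<IP_RANGE network_id="0" expiration_date="2015-04-28T00:00:00Z">10.100.100.101-10.100.100.255</IP_RANGE>
<IP network_id="14665885">10.10.10.1</IP>
<IP network_id="0">10.100.100.100</IP>
</IP_SET>
</RESPONSE>
</IP_LIST_OUTPUT>"""


def parse_ts(text):
    """Parse the UTC timestamps used in the API output."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_exclusions(xml_text, max_addresses=64):
    """Return one finding per excluded IP or range, with the reasons to review it.

    max_addresses is a hypothetical review threshold, not a Qualys setting.
    """
    root = ET.fromstring(xml_text)
    response_time = parse_ts(root.findtext("RESPONSE/DATETIME"))
    findings = []
    for element in root.iter():
        if element.tag not in ("IP", "IP_RANGE"):
            continue
        entry = element.text.strip()
        first, _, last = entry.partition("-")
        low = ipaddress.IPv4Address(first)
        high = ipaddress.IPv4Address(last or first)
        if high < low:
            raise ValueError(f"reversed range: {entry}")
        addresses = int(high) - int(low) + 1
        reasons = []
        expiry = element.get("expiration_date")
        if expiry is None:
            reasons.append("no expiration")
        elif parse_ts(expiry) <= response_time:
            reasons.append("expiration in the past")
        if addresses > max_addresses:
            reasons.append(f"covers {addresses} addresses")
        findings.append({"entry": entry,
                         "network_id": element.get("network_id"),
                         "addresses": addresses,
                         "reasons": reasons})
    return findings


def unscanned_total(findings):
    """Number of addresses the excluded list keeps out of scans."""
    return sum(finding["addresses"] for finding in findings)


if __name__ == "__main__":
    results = audit_exclusions(EXCLUDED_XML)
    for finding in results:
        print(finding["entry"], finding["network_id"], finding["reasons"])
    print("addresses not scanned:", unscanned_total(results))
```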
Sample - List all excluded hosts in IP range
API request:


curl -u user:password -H "X-Requested-With: curl demo 2" -D headers.16 \
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/?action=list&ips=10.10.24.1-10.10.24.255"


DTD 
<platform API server>/api/2.0/fo/asset/excluded_ip/ip_list_output.dtd 


Excluded Hosts Change History 
/api/2.0/fo/asset/excluded_ip/history/?action=list 
[GET] [POST]


View change history for excluded hosts in the user’s subscription. History record IDs in the 
XML output are listed in decreasing order. 


Permissions - Users with these roles have permission to view all excluded hosts in the 
subscription: Manager, Auditor, Unit Manager, Scanner and Reader. 


Unlike other APIs, an excluded hosts change history request returns change history 
records for all relevant IP addresses in the subscription, regardless of whether the user has 
access to these IP addresses in their account. 


Input Parameters 


Parameter Description

action=list (Required)

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the XML
output. By default these are not included.

ips={value} (Optional) Show only certain excluded IP addresses/ranges. When unspecified,
all excluded IPs/ranges in your subscription will be listed. One or more IPs/ranges may be
specified. Multiple entries are comma separated. An IP range is specified with a hyphen
(for example, 10.10.24.1-10.10.24.20).

network_id={value} (Optional and valid only when the Network Support feature is enabled
for the user's account) Specify a network ID to restrict the request to a certain custom
network.

id_min={value} (Optional) Show only those history records in your subscription that have
an ID number greater than or equal to an ID number you specify.

id_max={value} (Optional) Show only those history records in your subscription that have
an ID number less than or equal to an ID number you specify.

ids={value} (Optional) Show only those history records in your subscription that have ID
numbers matching the ID numbers you specify.


Sample - Change list for all excluded IPs 


API request:


curl -u user:password -H "X-Requested-With: curl demo 2" -D headers.15 \
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/history/?action=list"


XML output:


<!DOCTYPE HISTORY_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/history/history_list_output.dtd">
<HISTORY_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-01-18T01:48:42Z</DATETIME>
    <HISTORY_LIST>
      <HISTORY>
        <ID>1923</ID>
        <IP_SET>
          <IP_RANGE>10.10.10.2-10.10.10.11</IP_RANGE>
          <IP_RANGE>10.10.10.32-10.10.10.34</IP_RANGE>
          <IP>10.10.30.70</IP>
        </IP_SET>
        <ACTION>Added</ACTION>
        <DATETIME>2017-12-02T05:19:06Z</DATETIME>
        <USER_LOGIN>quays_ab</USER_LOGIN>
        <COMMENTS><![CDATA[DD]]></COMMENTS>
      </HISTORY>
      <HISTORY>
        <ID>1863</ID>
        <IP_SET>
          <IP_RANGE>10.10.10.102-10.10.10.120</IP_RANGE>
        </IP_SET>
        <ACTION>Removed</ACTION>
        <DATETIME>2017-06-01T23:51:26Z</DATETIME>
        <USER_LOGIN>quays_ab</USER_LOGIN>
        <COMMENTS><![CDATA[Removing 10.10.10.102-10.10.10.120]]></COMMENTS>
      </HISTORY>
      <HISTORY>
        <ID>1663</ID>
        <IP_SET>
          <IP_RANGE>10.10.10.100-10.10.10.120</IP_RANGE>
        </IP_SET>
        <ACTION>Added</ACTION>
        <DATETIME>2016-04-29T06:56:13Z</DATETIME>
        <USER_LOGIN>quays_ss</USER_LOGIN>
        <COMMENTS><![CDATA[Scanner shouldn't ... hosts]]></COMMENTS>
      </HISTORY>
    </HISTORY_LIST>
    <WARNING>
      <CODE>1980</CODE>
      <TEXT>1,000 record limit exceeded. Use URL to get next batch of results.</TEXT>
      <URL><![CDATA[https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/history/?action=list&id_max=1660]]></URL>
    </WARNING>
    <GLOSSARY>
      <USER_LIST>
        <USER>
          <USER_LOGIN>quays_ss</USER_LOGIN>
          <FIRST_NAME>Sally</FIRST_NAME>
          <LAST_NAME>Storm</LAST_NAME>
          <ROLE>Scanner</ROLE>
        </USER>
        <USER>
          <USER_LOGIN>quays_ab</USER_LOGIN>
          <FIRST_NAME>Al</FIRST_NAME>
          <LAST_NAME>Berger</LAST_NAME>
          <ROLE>Manager</ROLE>
        </USER>
      </USER_LIST>
    </GLOSSARY>
  </RESPONSE>
</HISTORY_LIST_OUTPUT>


DTD


<platform API server>/api/2.0/fo/asset/excluded_ip/history/history_list_output.dtd 
Manage Excluded Hosts


The excluded hosts endpoint (/api/2.0/fo/asset/excluded_ip) allows you to add and 
remove excluded hosts from your account. 


Add excluded hosts 
/api/2.0/fo/asset/excluded_ip/?action=add 
[POST] 


Add hosts (IPs) to your excluded host list. Hosts in your excluded host list will not be 
scanned. 


Permissions - Managers and Unit Managers have permission to add IPs to the excluded 
host list. 


Input Parameters 


Parameter Description

action=add (Required)

ips={value} (Required) The IP addresses to be added to the excluded IPs list. Enter a
comma separated list of IPv4 singletons or ranges. For example:
10.10.10.13,10.10.10.25-10.10.10.29

expiry_days={value} (Optional) The number of days the IPs being added to the excluded
IPs list will be considered valid for exclusion. When the expiration is reached, the IPs
are removed from the list and made available again for scanning. When unspecified, the IPs
being added have no expiration and will remain on the list until removed by a user.

dg_names={value} (Optional) Specify users who will be notified 7 days before hosts are
removed from the excluded hosts list (i.e. supply distribution group names as defined in
the Qualys UI). Multiple distribution groups are comma separated. A maximum of 15
distribution groups may be entered.

comment={value} (Required) User-defined notes (up to 1024 characters).

network_id={value} (Optional and valid only when the user making the request has access
to more than one network) Assign a network ID to the IPs being added to the excluded IPs
list. By default, the user’s default network ID is assigned.


Sample - Add excluded hosts


API request:
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWD" -d \
"action=add&ips=10.100.100.101-10.100.100.255&comment=adding ips&expiry_days=5" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/"


XML output:


<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-23T00:33:21Z</DATETIME>
    <TEXT>Adding IPs to Excluded IPs list.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>Added IPs</KEY>
        <VALUE>10.100.100.101-10.100.100.255</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Sample - Add IPs already in excluded hosts list


API request:


curl -H "X-Requested-With: curl" -u "USERNAME:PASSWD" -d \
"action=add&ips=10.10.34.210-10.10.34.212&comment=adding, added IPs" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/"


XML output:


<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-05-14T13:09:03Z</DATETIME>
    <TEXT>Not Adding any IPs to Excluded IPs list.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>IPs already in Excluded IPs list.</KEY>
        <VALUE>10.10.34.210-10.10.34.212</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
Remove excluded hosts
/api/2.0/fo/asset/excluded_ip/?action=remove 
[POST] 


Remove certain hosts from your excluded hosts list. You can choose to remove certain 
hosts (IPs) or all hosts from your excluded hosts list. 


Permissions - Managers and Unit Managers have permission to remove IPs from the 
excluded host list. 


Input Parameters 


Parameter Description

action=remove (Required)

ips={value} (Required) The IP addresses to be removed from the excluded IPs list. Enter
a comma separated list of IPv4 singletons or ranges. For example:
10.10.10.13,10.10.10.25-10.10.10.29

comment={value} (Required) User-defined notes (up to 1024 characters).

network_id={value} (Optional and valid only when the user making the request has access
to more than one network) Identify a network ID that is assigned to the IPs being removed
from the excluded IPs list. By default, the user's default network ID is assigned.


Sample - Remove certain excluded hosts


API request:
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWD" -d
"action=remove&ips=10.10.34.250-10.10.34.254&comment=remove IPS"
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/"


XML output:


<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-15T04:05:04Z</DATETIME>
<TEXT>Removed IPs from Excluded IPs list.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>Removed IPs</KEY>
<VALUE>10.10.34.250-10.10.34.254</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Remove all excluded hosts
/api/2.0/fo/asset/excluded_ip/?action=remove_all 
[POST] 

Remove all hosts from your excluded hosts list. 


Permissions - Managers and Unit Managers have permission to remove IPs from the 
excluded host list. 


Input Parameters 


Parameter Description

action=remove_all (Required)

comment={value} (Required) User-defined notes (up to 1024 characters).

network_id={value} (Optional and valid only when the user making the
request has access to more than one network)
Identify a network ID that is assigned to the IPs being
removed from the excluded IPs list. By default, the
user's default network ID is assigned.


Sample - Remove all excluded hosts


API request:
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWD" -d
"action=remove_all&comment=remove all ips"
"https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/"


XML output:
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-24T00:08:19Z</DATETIME>
<TEXT>Removed IPs from Excluded IPs list.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>Removed IPs</KEY>
<VALUE>10.100.100.101-10.100.100.255,100.100.100.101-100.100.100.255</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


DTD
DTD returned by requests to add and remove excluded hosts 


<platform API server>/api/2.0/simple_return.dtd 
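

Every add and remove call on the excluded hosts list answers with the same SIMPLE_RETURN structure, so a script can record exactly what each call changed. The Python below is an added example, not part of the Qualys guide: it parses a reply, sizes the IP list under each KEY, and reports how many addresses a call actually added. The function names and the two embedded replies (modelled on the "add" samples above) are constructed for illustration.

```python
"""Summarise excluded_ip API replies (added example, not Qualys code)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed replies, modelled on the two "add" samples in this section.
ADDED_REPLY = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN><RESPONSE>
<DATETIME>2018-04-23T00:33:21Z</DATETIME>
<TEXT>Adding IPs to Excluded IPs list.</TEXT>
<ITEM_LIST><ITEM>
<KEY>Added IPs</KEY>
<VALUE>10.100.100.101-10.100.100.255</VALUE>
</ITEM></ITEM_LIST>
</RESPONSE></SIMPLE_RETURN>"""

NOOP_REPLY = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN><RESPONSE>
<DATETIME>2018-05-14T13:09:03Z</DATETIME>
<TEXT>Not Adding any IPs to Excluded IPs list.</TEXT>
<ITEM_LIST><ITEM>
<KEY>IPs already in Excluded IPs list.</KEY>
<VALUE>10.10.34.210-10.10.34.212</VALUE>
</ITEM></ITEM_LIST>
</RESPONSE></SIMPLE_RETURN>"""


def parse_ip_spec(spec):
    """Parse '10.0.0.1,10.0.0.5-10.0.0.9' into (first, last) IPv4 pairs."""
    pairs = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        first, _, last = part.partition("-")
        lo = ipaddress.IPv4Address(first.strip())
        hi = ipaddress.IPv4Address(last.strip()) if last else lo
        if hi < lo:
            raise ValueError(f"range runs backwards: {part}")
        pairs.append((lo, hi))
    return pairs


def count_addresses(spec):
    """Count the distinct addresses a spec covers, merging overlaps."""
    total, covered_to = 0, -1
    for lo, hi in sorted((int(a), int(b)) for a, b in parse_ip_spec(spec)):
        lo = max(lo, covered_to + 1)      # skip what an earlier range covered
        if hi >= lo:
            total += hi - lo + 1
            covered_to = hi
    return total


def summarise_reply(xml_text):
    """Return the reply's TEXT and, per ITEM key, the IP spec and its size."""
    if "<!ENTITY" in xml_text:
        # A SIMPLE_RETURN reply has no reason to declare entities.
        raise ValueError("unexpected entity declaration in reply")
    root = ET.fromstring(xml_text.encode("utf-8"))
    response = root.find("RESPONSE")
    if root.tag != "SIMPLE_RETURN" or response is None:
        raise ValueError("not a SIMPLE_RETURN reply")
    items = {}
    for item in response.iterfind("ITEM_LIST/ITEM"):
        key = item.findtext("KEY", "").strip()
        value = item.findtext("VALUE", "").strip()
        items[key] = {"ips": value, "count": count_addresses(value)}
    return {
        "datetime": response.findtext("DATETIME"),
        "text": response.findtext("TEXT", "").strip(),
        "items": items,
    }


def newly_excluded(summary):
    """Addresses the call added (0 when they were all already listed)."""
    return summary["items"].get("Added IPs", {}).get("count", 0)


if __name__ == "__main__":
    for reply in (ADDED_REPLY, NOOP_REPLY):
        summary = summarise_reply(reply)
        print(summary["datetime"], summary["text"], newly_excluded(summary))
```

Logging the count alongside the DATETIME and the comment sent with the request gives a reviewable record of how the excluded hosts list grew or shrank over time.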


Virtual Host List 
/api/2.0/fo/asset/vhost/?action=list
[GET] [POST] 


List virtual hosts in the user's account. By default, all virtual hosts in the user's account 
are included. 


Permissions - Managers view virtual hosts in the subscription. Unit Managers view virtual
hosts in their own business unit. Scanners and Readers view virtual hosts in their own
account.


Input Parameters 


Parameter Description

action=list (Required)

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ip={value} (Optional) Show only virtual hosts that have a certain IP
address.

port={value} (Optional) Show only virtual hosts that have a certain port.


Sample - List virtual hosts in account


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST
"https://qualysapi.qualys.com/api/2.0/fo/asset/vhost/?action=list"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE VIRTUAL_HOST_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/vhost/vhost_list_output.dtd">
<VIRTUAL_HOST_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-04-26T11:20:42Z</DATETIME>
<VIRTUAL_HOST_LIST>
<VIRTUAL_HOST>
<IP>10.11.65.3</IP>
<PORT>255</PORT>
<FQDN>asadfsadf-123.com</FQDN>
</VIRTUAL_HOST>
<VIRTUAL_HOST>
<IP>10.11.65.5</IP>
<PORT>246</PORT>
<FQDN>asdfsahydk.com</FQDN>
</VIRTUAL_HOST>
</VIRTUAL_HOST_LIST>
</RESPONSE>
</VIRTUAL_HOST_LIST_OUTPUT>


DTD 
<platform API server>/api/2.0/fo/asset/vhost/vhost_list_output.dtd 


Manage Virtual Hosts 
/api/2.0/fo/asset/vhost/?action={value} 
[POST] 


Create, edit and delete virtual hosts in the user account. One subscription can have a 
maximum of 5000 virtual hosts. The POST access method may be used to make an API 
request. 


Permissions - Managers manage virtual hosts in the subscription. Unit Managers manage 
virtual hosts in their own business unit when granted this permission. Scanners have 
permission to manage virtual hosts in their account when granted this permission. 
Readers, Auditors do not have permission to manage virtual hosts. 


Input Parameters 


Parameter Description

action={action} (Required) A flag used to make a virtual host request:
create (create a virtual host)
update (update/edit a virtual host)
delete (delete a virtual host)
add_fqdn (add one or more FQDNs to a virtual host)
delete_fqdn (remove one or more FQDNs from a virtual host)

echo_request={0|1} (Optional) Specify 1 to view (echo) input parameters in the
XML output. By default these are not included.

ip={value} (Required) An IP address for the virtual host configuration.

network_id={value} (Optional) Network support must be enabled to specify the
network_id. If network support is enabled and you do not
provide a network_id, then the Default Global Network is
considered. You can specify only one network_id.

port={value} (Required) A port number for the virtual host
configuration.

fqdn={value} (Required for all actions except “delete”. Invalid for
“delete”.)
One or more fully-qualified domain names (FQDNs) for the
virtual host configuration. Multiple entries are comma
separated.


Sample - Create virtual host


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=create&ip=10.10.25.212&port=80&fqdn=www.abc123abc.com"
"https://qualysapi.qualys.com/api/2.0/fo/asset/vhost/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-27T08:45:22Z</DATETIME>
<TEXT>Virtual host successfully created.</TEXT>
</RESPONSE>
</SIMPLE_RETURN>


Sample - Create virtual host in a network


Specify network_id to create a virtual host in the specified network.


API request:


curl -u "username:password" -H "X-Requested-With: curl" -H
"Content-type: text/xml" -X POST
-d "action=create&network_id=5004&ip=10.10.10.20&port=8080&fqdn=example1.fqdn.com,example2.fqdn.com"
"https://qualysapi.qualys.com/api/2.0/fo/asset/vhost/"


XML output:


<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2019-11-22T07:27:52Z</DATETIME>
<TEXT>Virtual host successfully created.</TEXT>
</RESPONSE>
</SIMPLE_RETURN>


Sample - Add FQDNs to a virtual host


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X POST -d
"action=add_fqdn&ip=10.10.25.212&port=80&fqdn=www.abc123abc.com"
"https://qualysapi.qualys.com/api/2.0/fo/asset/vhost/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-04-27T08:45:48Z</DATETIME>
<TEXT>Virtual host FQDN(s) successfully added.</TEXT>
</RESPONSE>
</SIMPLE_RETURN>


More Samples 
Qualys API - Virtual Host samples - Manage Virtual Hosts (GitHub) 


DTD 
<platform API server>/api/2.0/simple_return.dtd 


Restricted IPs List 


/api/2.0/fo/setup/restricted_ips/?action=list 
[GET] [POST] 


List restricted IPs within the user's subscription. Managers only have permission to 
perform these actions using this API. 


Input Parameters 


Parameter Description

action=list (Required)

echo_request={0|1} (Optional) Set to 1 if you want to include the input
parameters in the XML output.

output_format={CSV|XML} (Optional) The list output will be in XML format by
default. For CSV format, set output_format=CSV.


Sample - Download restricted IPs


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=list"
"https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/" >
output.txt


XML output:
The DTD for the restricted IPs list XML is provided in Appendix B - Ports used for scanning.


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE RESTRICTED_IPS_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/restricted_ips_output.dtd">
<RESTRICTED_IPS_OUTPUT>
<RESPONSE>
<DATETIME>2018-03-22T11:12:56Z</DATETIME>
<IP_SET>
<IP_RANGE>10.10.10.1-10.10.10.255</IP_RANGE>
</IP_SET>
<STATUS>disabled</STATUS>
</RESPONSE>
</RESTRICTED_IPS_OUTPUT>


DTD for restricted IPs list 
<platform API server>/api/2.0/fo/setup/restricted_ips/restricted_ips_output.dtd 


Sample - Download Restricted IPs List in CSV format


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=list&output_format=csv"
"https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/"


CSV output:
----BEGIN_RESPONSE_BODY_CSV
J:0. 0.20 0
10.0.0.101-10.255.255.255
----END_RESPONSE_BODY_CSV
----BEGIN_RESPONSE_FOOTER_CSV
----END_RESPONSE_FOOTER_CSV


Manage Restricted IPs
/api/2.0/fo/setup/restricted_ips/
[GET] [POST]


Manage and update the list of restricted IPs within the user's subscription. Managers only
have permission to perform these actions using this API.


Input Parameters


Parameter Description

action={value} (Required) The action for the request, one of:
activate - enable or disable the restricted IPs feature
clear - clear all restricted IPs and deactivate this feature
add - add restricted IPs
delete - delete restricted IPs
replace - replace restricted IPs

echo_request={0|1} (Optional) Set to 1 if you want to include the input
parameters in the XML output.

enable={0|1} (Optional and valid when action is activate) Enable or
disable the restricted IPs list. Set enable=1 to enable the
list; set enable=0 to clear any IPs in the list and disable the
feature.

ips={value} -or- {CSV raw data upload}
(Optional and valid when action is add, replace or delete)
The hosts you want to add to, remove from or replace in
the restricted IPs list.

IPs must be specified by using the “ips” parameter (using
the POST method) or by uploading CSV raw data (using
the GET or POST method). To upload CSV raw data using
POST, specify --data-binary <data>.

How to specify IP addresses. One or more IPs/ranges may
be specified. Multiple IPs/ranges are comma separated. An
IP range is specified with a hyphen (for example,
10.10.30.1-10.10.30.50). CIDR notation is supported.


Sample - Replace restricted IPs


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=replace&ips=10.0.0.0/8"
"https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/" >
output.txt


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-03-22T11:45:00Z</DATETIME>
<TEXT>Successfully replaced restricted ips</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>STATUS</KEY>
<VALUE>disabled</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Sample - Delete restricted IPs, upload CSV raw data
CSV raw data:


$ cat file1.csv
10.0.0.1
10.0.0.2-10.0.0.100


API request:
curl -H "X-Requested-with:curl" -H "Content-type:text/csv" -u
"USERNAME:PASSWORD" --data-binary "@file1.csv"
"https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/?action=delete"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-03-22T11:45:34Z</DATETIME>
<TEXT>Successfully deleted restricted ips</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>STATUS</KEY>
<VALUE>disabled</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Sample - Activate Restricted IPs feature and enable list


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=activate&enable=1"
"https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/" >
output.txt


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-03-22T11:46:45Z</DATETIME>
<TEXT>Restricted IPs feature has been enabled successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>STATUS</KEY>
<VALUE>enabled</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Sample - Clear All Restricted IPs and Disable the feature


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=clear"
"https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-03-22T12:04:34Z</DATETIME>
<TEXT>Successfully cleared restricted ips</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>STATUS</KEY>
<VALUE>disabled</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>

Asset Group List 
/api/2.0/fo/asset/group/?action=list 
[GET] [POST] 


List asset groups in the user’s account. 


Permissions - Managers can view asset groups in the subscription. Unit Managers can view 
all asset groups in the user’s business unit (those assigned to the business unit, and those 
owned by all users in the business unit). Scanners and Readers can view asset groups in 
the user’s account (those assigned to the user, and those owned by the user). 


Input Parameters 


Parameter Description

action=list (Required)

output_format={csv|xml} (Optional) The requested output format: CSV or XML (the
default).

echo_request={0|1} (Optional) Specify 1 to show (echo) the request’s input
parameters (names, values) in the XML output. When
unspecified, parameters are not included in the XML
output.

ids={value} (Optional) Show only asset groups with certain IDs.
Multiple IDs are comma separated.

id_min={value} (Optional) Show only asset groups that have an ID greater
than or equal to the specified ID.

id_max={value} (Optional) Show only asset groups that have an ID less
than or equal to the specified ID.

truncation_limit={value} (Optional) Specify the maximum number of asset group
records to output. By default this is set to 1000 records. If
you specify truncation_limit=0, the output is not
paginated and all records are returned in a single output.
WARNING This can generate very large output and
processing large XML files can consume a lot of resources
on the client side. It is recommended to use the pagination
logic and parallel processing. The previous page can be
processed while the next page is being downloaded.

network_ids={value} (Optional and valid only when the Networks feature is
enabled in your account) Restrict the request to certain
network IDs. Multiple IDs are comma separated.

unit_id={value} (Optional) Show only asset groups that have a business
unit ID equal to the specified ID.

user_id={value} (Optional) Show only asset groups that have a user ID
equal to the specified ID.

title={value} (Optional) Show only the asset group that has a title equal
to the specified string - this must be an exact match.

show_attributes={value} (Optional) Show attributes for each asset group along with
the ID. Specify ALL or a comma-separated list of attribute
names. Attribute names: ID, TITLE, OWNER_USER_NAME,
OWNER_USER_ID, OWNER_UNIT_ID, NETWORK_IDS,
LAST_UPDATE, IP_SET, APPLIANCE_LIST, DOMAIN_LIST,
DNS_LIST, NETBIOS_LIST, EC2_ID_LIST, HOST_IDS,
ASSIGNED_USER_IDS, ASSIGNED_UNIT_IDS,
BUSINESS_IMPACT, CVSS, COMMENTS.

Sample - List asset groups, show default attributes


API request:


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=list&ids=442838"
"https://qualysapi.qualys.com/api/2.0/fo/asset/group/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_GROUP_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/group/asset_group_list_output.dtd">
<ASSET_GROUP_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-05-17T08:48:41Z</DATETIME>
<ASSET_GROUP_LIST>
<ASSET_GROUP>
<ID>442838</ID>
<TITLE><![CDATA[All]]></TITLE>
<OWNER_ID>103448</OWNER_ID>
<UNIT_ID>0</UNIT_ID>
<NETWORK_ID>0</NETWORK_ID>
<IP_SET>
<IP_RANGE>10.10.10.0-10.10.10.1</IP_RANGE>
<IP_RANGE>10.10.10.3-10.10.10.6</IP_RANGE>
<IP>10.10.10.14</IP>
<IP_RANGE>10.10.10.16-10.10.10.20</IP_RANGE>
<IP_RANGE>10.10.10.22-10.10.10.255</IP_RANGE>
<IP>10.10.31.26</IP>
</IP_SET>
</ASSET_GROUP>
</ASSET_GROUP_LIST>
</RESPONSE>
</ASSET_GROUP_LIST_OUTPUT>


Sample - List asset groups, show all attributes


API request:


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=list&ids=246385&show_attributes=ALL"
"https://qualysapi.qualys.com/api/2.0/fo/asset/group/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_GROUP_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/asset/group/asset_group_list_output.dtd">
<ASSET_GROUP_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-03-17T09:52:59Z</DATETIME>
<ASSET_GROUP_LIST>
<ASSET_GROUP>
<ID>246385</ID>
<TITLE>user_john</TITLE>
<OWNER_USER_ID>180603</OWNER_USER_ID>
<LAST_UPDATE>2018-03-07T11:37:57Z</LAST_UPDATE>
<BUSINESS_IMPACT>High</BUSINESS_IMPACT>
<DEFAULT_APPLIANCE_ID>199673</DEFAULT_APPLIANCE_ID>
<APPLIANCE_IDS>199673, 199674</APPLIANCE_IDS>
<IP_SET>
<IP_RANGE>10.10.10.10-10.10.10.11</IP_RANGE>
<IP_RANGE>10.113.197.131-10.113.197.132</IP_RANGE>
</IP_SET>
<DNS_LIST>
<DNS>qualsssl.com</DNS>
</DNS_LIST>
<NETBIOS_LIST>
<NETBIOS>WIN2003-SRV-O</NETBIOS>
</NETBIOS_LIST>
<HOST_IDS>634744, 653133</HOST_IDS>
<ASSIGNED_USER_IDS>198400, 198401</ASSIGNED_USER_IDS>
<ASSIGNED_UNIT_IDS>202741</ASSIGNED_UNIT_IDS>
<OWNER_USER_NAME>John Doe</OWNER_USER_NAME>
</ASSET_GROUP>
</ASSET_GROUP_LIST>
</RESPONSE>
</ASSET_GROUP_LIST_OUTPUT>


DTD for asset group list 


<platform API server>/api/2.0/fo/asset/group/asset_group_list_output.dtd 


Manage Asset Groups 


Create, edit and delete asset groups in the user’s account. 


Permissions - Managers can manage (create, edit, delete) all asset groups in the 
subscription. Unit Managers can manage asset groups owned by any user in the user’s 
same business unit. Scanners and Readers can manage asset groups owned by the user. 


Add new asset group 
/api/2.0/fo/asset/group/?action=add 


[POST] 


Add a new asset group in the user's account. 


Input Parameters 


Parameter Description

action=add (Required)

echo_request={0|1} (Optional) Specify 1 to show (echo) the request’s input
parameters (names, values) in the XML output. When
unspecified, parameters are not included in the XML
output.

title={value} (Required) An asset group title. This name must be unique
and can’t be “All”.

network_id={value} (Optional) The network ID of the network you want to
assign the asset group to.

{parameters} See “Asset Group Parameters”


Sample - Add asset group


API request:


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST"
-d "title=MY DEMO AG&network_id=1220&comments=This is comment&division=this is divison&location=this is location&business_impact=high&cvss_enviro_cdp=low&cvss_enviro_td=low&cvss_enviro_cr=medium&cvss_enviro_ir=high&cvss_enviro_ar=medium&ips=10.1.1.1/31"
"https://qualysapi.qualys.com/api/2.0/fo/asset/group/?action=add"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-03-28T22:57:50Z</DATETIME>
<TEXT>Asset Group successfully added.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>395752377</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Edit asset group
/api/2.0/fo/asset/group/?action=edit 
[POST] 


Edit an existing asset group in the user's account. 


Input Parameters 


Parameter Description

action=edit (Required)

echo_request={0|1} (Optional) Specify 1 to show (echo) the request’s input
parameters (names, values) in the XML output. When
unspecified, parameters are not included in the XML
output.

id={value} (Required) The ID of the asset group you want to edit.

{parameters} See “Asset Group Parameters”


Sample - Edit asset group


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "id=395752377&set_title=MY ASSET GROUP"
"https://qualysapi.qualys.com/api/2.0/fo/asset/group/?action=edit"


XML output:


The XML output uses the simple return (/api/2.0/simple_return.dtd).


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2014-05-29T15:29:00Z</DATETIME>
<TEXT>Asset Group Updated Successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>395752377</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Delete asset group
/api/2.0/fo/asset/group/?action=delete
[POST]


Delete an asset group present in the user's account. By deleting an asset group any
scheduled scans using the asset group will be deactivated.


Input Parameters


Parameter Description

action=delete (Required)

echo_request={0|1} (Optional) Specify 1 to show (echo) the request’s input
parameters (names, values) in the XML output. When
unspecified, parameters are not included in the XML
output.

id={value} (Required) The ID of the asset group you want to delete.


Sample - Delete asset group


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "id=395752377"
"https://qualysapi.qualys.com/api/2.0/fo/asset/group/?action=delete"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2018-03-29T15:49:35Z</DATETIME>
<TEXT>Asset Group Deleted Successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>395752377</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


Asset Group Parameters


These parameters are used for adding and editing an asset group.


The “set” (overwrite) and “remove” operations can cause the asset group to have no IPs,
domains, etc depending on the parameter.


Parameter                        Parameter Name          Parameter Name
                                 action=add              action=edit

Comments                         comments                set_comments
(255 characters maximum)

Division                         division                set_division
(64 characters maximum)

Function                         function                set_function
(64 characters maximum)

Location                         location                set_location
(64 characters maximum)

Business Impact                  business_impact         set_business_impact
(One of: critical, high, medium, low, none)

IP addresses/ranges              ips                     add_ips
                                                         remove_ips
                                                         set_ips

Scanner Appliances               appliance_ids           add_appliance_ids
                                                         remove_appliance_ids
                                                         set_appliance_ids
Looking for appliance IDs?
Use the Appliance API
(/api/2.0/fo/appliance/). See
KnowledgeBase

Default Scanner Appliance        default_appliance_id    set_default_appliance_id

Domains                          domains                 add_domains
                                                         remove_domains
                                                         set_domains

DNS Names                        dns_names               add_dns_names
                                                         remove_dns_names
                                                         set_dns_names

NetBIOS Names                    netbios_names           add_netbios_names
                                                         remove_netbios_names
                                                         set_netbios_names

Title                            title                   set_title
(255 characters maximum)

CVSS Environmental Metric:       cvss_enviro_cdp         set_cvss_enviro_cdp
Collateral Damage Potential
(One of: high, medium-high, low-medium, low, none)

CVSS Environmental Metric:       cvss_enviro_td          set_cvss_enviro_td
Target Distribution
(One of: high, medium, low, none)

CVSS Environmental Metric:       cvss_enviro_cr          set_cvss_enviro_cr
Confidentiality Requirement
(One of: high, medium, low)

CVSS Environmental Metric:       cvss_enviro_ir          set_cvss_enviro_ir
Integrity Requirement
(One of: high, medium, low)

CVSS Environmental Metric:       cvss_enviro_ar          set_cvss_enviro_ar
Availability Requirement
(One of: high, medium, low)


Purge Hosts 
/api/2.0/fo/asset/host/?action=purge 
[POST] 


Purge hosts in your account to remove the assessment data associated with them. 


Purging hosts will remove host based data in the user’s account (scan results will not be 
removed). Purged host information will not appear in new reports generated by users. One 
or both types of host data is removed, based on the user’s API request: vulnerability data 
and compliance data. 


Permissions 


Managers can purge assessment data for all hosts in the subscription, including 
vulnerability data and/or compliance data. 


Auditors can purge compliance data only for all compliance hosts in the subscription 
(vulnerability data will not be removed). 


Unit Managers, Scanners, and Readers can purge vulnerability data and/or compliance 
data in their user account if granted the permission “Purge host information/history”. The 
permission “Manage compliance” is required to purge compliance data. 


Express Lite - This API is available to Express Lite users. 
How to choose data scope for asset purge


The input parameter “data_scope” allows you to specify the type of data to purge from a
host. Specify “vm” to purge vulnerability data, “pc” to purge compliance data, or “vm,pc”
(irrespective of order) to purge both types of data.


You can also use the input parameter “compliance_enabled” to purge compliance data
along with vulnerability data or vulnerability data only. This option does not allow you to
purge compliance data only.


You can combine compliance_enabled and data_scope in the same request. Note,
however, that anytime compliance_enabled=1 is specified, then both vulnerability and
compliance data are purged regardless of the data_scope value. See the table below to
understand the different combinations and the type of data purged.


compliance_enabled value    data_scope value    type of data purged

1                           unspecified         vulnerability + compliance data
0                           unspecified         vulnerability data only
unspecified or 0            vm                  vulnerability data only
unspecified or 0            pc                  compliance data only
unspecified or 0            vm,pc               vulnerability + compliance data
1                           vm                  vulnerability + compliance data
1                           pc                  vulnerability + compliance data
1                           vm,pc               vulnerability + compliance data


Input Parameters 

Parameter Description 

action=purge Required) 


echo_request=[0|1) 


Optional) Specify 1 to view input parameters in the XML 
output. When unspecified, parameters are not included in 
the XML output. 


ids={value} 


Optional) Purge host information for certain host 
IDs/ranges. One or more host IDs/ranges may be specified. 
Multiple entries are comma separated. A host ID range is 
specified with a hyphen (for example, 190-400).Valid host 
IDs are required. 


One of these host selection parameters must be specified 
in an API request: ids, ips, ag_ids or ag_titles. Multiple host 
selection parameters may be specified together in the 
same request. 


ips={value} 


(Optional) Purge host information certain IP 
addresses/ranges. One or more IPs/ranges may be 
specified. Multiple entries are comma separated. An IP 
range is specified with a hyphen (for example, 10.10.10.1- 
10.10.10.100). 
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Description 


ag_ids={value} 


(Optional) Purge hosts belonging to asset groups with 
certain IDs. One or more asset group IDs and/or ranges 
may be specified. Multiple entries are comma separated. A 
range is specified with a dash (for example, 386941- 
386945). Valid asset group IDs are required. 


One of these host selection parameters must be specified 
in an API request: ids, ips, ag_ids or ag_titles. Multiple host 
selection parameters may be specified together in the 
same request. 


ag_titles={value} 


(Optional) Purge hosts belonging to asset groups with 
certain strings in the asset group title. One or more asset 
group titles may be specified. Multiple entries are comma 
separated (for example, 
My+First+Asset+Group,Another+Asset+Group). 


One of these parameters must be specified in an API 
request: ids, ips, ag_ids or ag_titles. Multiple host selection 
parameters may be specified together in the same request. 
These parameters are mutually exclusive and cannot be 
specified together: ag_ids and ag_titles. 


network_ids={value} 


Optional, and valid only when the Network Support 
feature is enabled for the user’s account) Restrict the 
request to certain custom network IDs. Multiple network 
IDs are comma separated. 


no_vm_scan_since={date} 


Optional) Purge hosts not scanned since a certain date 
and time (optional). The date/time is specified in YYYY- 

MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07- 
01” or “2007-01-25T23:12:00Z”. 


User Permissions: An Auditor cannot be specify this 
parameter. 


no_complance_scan_since 
=({date} 


(Optional) Purge compliance hosts not scanned since a 
certain date and time (optional). This parameter is invalid 
for an Express Lite user. 


The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] 
format (UTC/GMT), like “2007-07-01” or “2007-01- 
25T23:12:002”. 


User Permissions: A sub-account (Unit Manager, Scanner 
or Reader) can specify this parameter only when the user 
account is granted certain permissions to purge 
compliance information. See “Input Parameters”. 
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Parameter 
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Description 


data_scope={value} 


(Optional) The type of data to purge. Specify “vm” to purge 
vulnerability data, specify “pc” to purge compliance data, 
or specify both as a comma separated list to purge both 
types of data. 


If compliance_enabled=1 is specified in the same request, 
then vulnerability and compliance data will both be purged 
regardless of the data_scope value. 


compliance_enabled={0|1} 


(Optional) This parameter is valid only when the policy 
compliance module is enabled for the user account. 


Specify 1 to purge compliance hosts in the user’s account. 
These hosts are assigned to the PC module. When selected, 
the service will remove vulnerability data and compliance 
data associated with the selected hosts. 


Specify 0 to purge hosts which are not assigned to the 
PC module. When specified (without data_scope), the 
service will remove only vulnerability information 
associated with the selected hosts. 


Note: A sub-account (Unit Manager, Scanner or Reader) 
can specify this parameter only when the user account is 
granted permissions to purge compliance information. An 
Auditor does not have permission to set 
compliance_enabled=0. 


os_pattern={expression} 


(Optional) Purge only hosts which have an operating 
system matching a certain regular expression. An empty 
value cannot be specified. Use “%5E%24” to match empty 
string. 


Important: The regular expression string you enter must 
follow the PCRE standard and it must be URL encoded. 


Sample regular expression strings for matching OS names: 
Qualys API - Host List Detection API samples (GitHub, see 
sample 17) 


For information about the Perl Compatible Regular 
Expressions (PCRE) standard visit: 
http://php.net/manual/en/book.pcre.php 


For the PCRE syntax, see: 
http://php.net/manual/en/reference.pcre.pattern.syntax.php 


http://www.php.net/manual/en/reference.pcre.pattern.posix.php 
Sample 1 - Purge only compliance data 
In this example, data_scope=pc so only compliance data will be purged for the host. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d 
"action=purge&ips=10.20.32.152&data_scope=pc" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/" 


Response: 


<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
<RESPONSE> 
<DATETIME>2020-11-19T10:51:57Z</DATETIME> 
<BATCH_LIST> 
<BATCH> 
<TEXT>Hosts Queued (compliance data) for Purging</TEXT> 
<ID_SET> 
<ID>3971339</ID> 
</ID_SET> 
</BATCH> 
</BATCH_LIST> 
</RESPONSE> 
</BATCH_RETURN> 


Sample 2 - Purge only vulnerability data 
In this example, data_scope=vm so only vulnerability data will be purged for the host. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d 
"action=purge&ips=10.20.32.152&data_scope=vm" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/" 


Response: 


<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
<RESPONSE> 
<DATETIME>2020-11-19T10:51:45Z</DATETIME> 
<BATCH_LIST> 
<BATCH> 
<TEXT>Hosts Queued (vulnerability data) for Purging</TEXT> 
<ID_SET> 
<ID>3971339</ID> 
</ID_SET> 
</BATCH> 
</BATCH_LIST> 
</RESPONSE> 
</BATCH_RETURN> 
Sample 3 - Purge vulnerability and compliance data 


In this example, data_scope=pc,vm so both vulnerability and compliance data will be 
purged for the host. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d 
"action=purge&ips=10.20.32.152&data_scope=pc,vm" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/" 


Response: 


<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
<RESPONSE> 
<DATETIME>2020-11-19T10:52:12Z</DATETIME> 
<BATCH_LIST> 
<BATCH> 
<TEXT>Hosts Queued (vulnerability + compliance data) for Purging</TEXT> 
<ID_SET> 
<ID>3971339</ID> 
</ID_SET> 
</BATCH> 
</BATCH_LIST> 
</RESPONSE> 
</BATCH_RETURN> 


Sample 4 - Purge vulnerability and compliance data (using compliance_enabled) 


In this example, compliance_enabled=1 and data_scope=pc. Both vulnerability and 
compliance data will be purged for the host since compliance_enabled=1 takes 
precedence. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d 
"action=purge&ips=10.20.32.154&compliance_enabled=1&data_scope=vm" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/" 


Response: 


<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
<RESPONSE> 
<DATETIME>2020-11-19T11:25:12Z</DATETIME> 
<BATCH_LIST> 
<BATCH> 
<TEXT>Hosts Queued (vulnerability + compliance data) for Purging</TEXT> 
<ID_SET> 
<ID>3971340</ID> 
</ID_SET> 
</BATCH> 
</BATCH_LIST> 
</RESPONSE> 
</BATCH_RETURN> 
Sample 5 - Purge only vulnerability data (using compliance_enabled) 


In this example, compliance_enabled=0 and data_scope=vm so only vulnerability data 
will be purged. 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d 
"action=purge&ips=10.20.32.154&compliance_enabled=0&data_scope=vm" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/" 


Response: 


<!DOCTYPE BATCH_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd"> 
<BATCH_RETURN> 
<RESPONSE> 
<DATETIME>2020-11-19T11:25:12Z</DATETIME> 
<BATCH_LIST> 
<BATCH> 
<TEXT>Hosts Queued (vulnerability data) for Purging</TEXT> 
<ID_SET> 
<ID>3971340</ID> 
</ID_SET> 
</BATCH> 
</BATCH_LIST> 
</RESPONSE> 
</BATCH_RETURN> 


DTD 


<platform API server>/api/2.0/fo/asset/host/dtd/purge/output.dtd 
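

The purge parameter rules above, written as a pre-flight check a script can run before it submits a purge request. This is an added example, not Qualys code: the function names are hypothetical, and Python's re module only approximates the PCRE syntax the service expects.

```python
"""Pre-flight check for a host purge request (added example, not Qualys code)."""
import re
from urllib.parse import urlencode

SELECTORS = ("ids", "ips", "ag_ids", "ag_titles")
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}Z)?$")


def check_purge_params(params):
    """Return the list of rule violations for a purge request (empty = OK)."""
    errors = []
    if not any(params.get(key) for key in SELECTORS):
        errors.append("one of ids, ips, ag_ids or ag_titles must be specified")
    if params.get("ag_ids") and params.get("ag_titles"):
        errors.append("ag_ids and ag_titles are mutually exclusive")
    for key in ("no_vm_scan_since", "no_compliance_scan_since"):
        value = params.get(key)
        if value is not None and not DATE_RE.match(value):
            errors.append(f"{key} must be YYYY-MM-DD[THH:MM:SSZ]")
    scope = params.get("data_scope")
    if scope is not None and any(p not in ("vm", "pc") for p in scope.split(",")):
        errors.append("data_scope must be vm, pc or both, comma separated")
    if params.get("compliance_enabled") not in (None, "0", "1"):
        errors.append("compliance_enabled must be 0 or 1")
    if "os_pattern" in params:
        pattern = params["os_pattern"]
        if pattern == "":
            errors.append("os_pattern cannot be empty; use ^$ to match an empty OS")
        else:
            try:
                re.compile(pattern)  # approximation: Python re, not PCRE
            except re.error as exc:
                errors.append(f"os_pattern is not a valid expression: {exc}")
    return errors


def effective_scope(params):
    """Data types that will be purged under the data_scope/compliance_enabled rules."""
    if params.get("compliance_enabled") == "1":
        return {"vm", "pc"}  # takes precedence over data_scope (Sample 4)
    if params.get("data_scope"):
        return set(params["data_scope"].split(","))
    if params.get("compliance_enabled") == "0":
        return {"vm"}  # 0 without data_scope: vulnerability information only
    return None  # neither parameter given: the default is not stated on the page


def purge_body(params):
    """Build the URL-encoded POST body, refusing requests that break a rule."""
    errors = check_purge_params(params)
    if errors:
        raise ValueError("; ".join(errors))
    # safe="," keeps list separators readable, as in the guide's samples;
    # everything else, including the os_pattern expression, is URL encoded.
    return urlencode({"action": "purge", **params}, safe=",")
```

Printing effective_scope() next to the host selection before sending the request makes it visible when compliance_enabled=1 widens a purge beyond the data_scope that was asked for.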
Patch List 
/api/2.0/fo/asset/patch/index.php 
[GET] 


The Patch API lets you view the list of all superseding patches for detections on a specific 
host. For the host, the Patch Info List provides information such as detection QID, patch 
QID, patch severity, patch title, patch vendor ID, patch release date, and patch links. 


User permissions - Managers and Unit Managers can fetch the patch list on assets in their 
own business unit. Scanners and Readers fetch the patch list on assets in their own 
account. 


Input Parameters 


Parameter Description 


host_id={value} (Required) The output lists all the superseding patches that 
will fix the detections on a single host instance. Specify the 
ID for the host to include in the report. A valid host ID 
must be entered. 


output_format={xml} (Optional) Specifies the format of the host detection list 
output. When not specified, the output format is xml. A 
valid value is xml. 


Sample 1: Patch List 


API request: 
curl -u "USERNAME:PASSWORD" -X "GET" -H "X-Requested-With: curl" 
-H "Content-Type: text/xml" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/patch/index.php?host_id=136801&output_format=xml" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE PATCH_LIST_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/asset/patch/host_patches.dtd"> 
<PATCH_LIST_OUTPUT> 
<RESPONSE> 
<SUBSCRIPTION_ID>3058</SUBSCRIPTION_ID> 
<HOST_ID>136801</HOST_ID> 
<IP>10.10.25.249</IP> 
<DNS><![CDATA[ora11107-25-249]]></DNS> 
<NETBIOS><![CDATA[ORA11107-25-249]]></NETBIOS> 
<OS><![CDATA[Windows 2003 Service Pack 2]]></OS> 
<OS_CPE><![CDATA[]]></OS_CPE> 
<NETWORK><![CDATA[Star Trek]]></NETWORK> 
<PATCH_INFO_LIST> 
<PATCH_INFO> 
<DETECTION_QIDS> 
<QID cve_ids=""><![CDATA[19883]]></QID> 
</DETECTION_QIDS> 
<PATCH_QID cve_ids=""><![CDATA[19883]]></PATCH_QID> 
<PATCH_SEVERITY>4</PATCH_SEVERITY> 
<PATCH_TITLE><![CDATA[Oracle 11.1.0.7 on Microsoft Windows 
- General Update Multiple Issues (Patch #54)]]></PATCH_TITLE> 
<PATCH_VENDOR_ID><![CDATA[11.1.0.7 Patch 54 - 
32bit,11.1.0.7 Patch 54 - 64bit]]></PATCH_VENDOR_ID> 
<PATCH_RELEASE_DATE>2013-10-15 
00:00:00</PATCH_RELEASE_DATE> 
<PATCH_LINKS> 
<LINK 
os_sw="Windows"><![CDATA[https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=17363759]]></LINK> 
<LINK 
os_sw="Windows"><![CDATA[https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=17363760]]></LINK> 
</PATCH_LINKS> 
</PATCH_INFO> 
</PATCH_INFO_LIST> 
</RESPONSE> 
</PATCH_LIST_OUTPUT> 


DTD 


<platform API server>/api/2.0/fo/asset/patch/host_patches.dtd 
IPv6 Assets 


The IPv6 Assets API allows Manager users to manage IPv6 assets so they can be scanned 
using Qualys. The IPv6 API can be used when the IPv6 Support feature is enabled in the 
user's subscription. Please contact Support if you would like this feature enabled for your 
account. 


API Support for IPv6 Asset Management and Scanning 
IPv6 Mapping Record List 
Add IPv6 Mapping Records 


API Support for IPv6 Asset Management and Scanning 


IPv6 Support is a subscription-level option that must be enabled for your subscription by 
Qualys Support in order to start managing and scanning IPv6 hosts. Follow the steps below 
to get started with managing and scanning IPv6 hosts using the API. 


Step 1: Add Special IPv4 Addresses to your subscription 


Using the Asset API add to your subscription the special, mapping IPv4 addresses. These 
IPv4 addresses are used for mapping IPv4 addresses to your IPv6 hosts. The IPv4 addresses 
for mapping are in the special 0.0.0.0/8 network, in this range: 


0.0.0.1-0.254.255.255 


A sample request for adding the special IPv4 addresses is shown below (where 
qualysapi.qualys.com is the server URL where your Qualys account is located): 


https://qualysapi.qualys.com/msp/asset_ip.php?action=add& 
host_ips=0.0.0.1-0.0.0.255 


Step 2: Add IPv6 Mapping Records 


Manager users can add IPv6 mapping records for the subscription by submitting the 
records in CSV or XML format. Each mapping record associates one IPv6 address in your 
network to one IPv4 address in the special mapping range 0.0.0.1-0.254.255.255. A 
maximum of 10,000 records can be added or removed per API request. 


How to Add IPv6 Records in CSV 


Review the steps below to learn how to add IPv6 mapping records by submitting the 
records in CSV format. A curl client is used to illustrate this process. 


1) View Mapping Records in CSV 
API request: 


$ curl -u username:password -H "X-Requested-With: curl" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/v4_v6/?action=list&output_format=csv" 




XML output: 


Note: The service automatically returns an ID value in the ID column for each IPv6 
mapping record. This ID is assigned by the service when the record is created. 


----BEGIN_RESPONSE_BODY_CSV 
ID,IPv4,IPv6 
"46947","0.0.0.7","2001:db8:85a3::8a2e:370:84" 
"47036","0.0.0.1","2001:db8:85a3::8a2e:370:77" 
----END_RESPONSE_BODY_CSV 
----BEGIN_RESPONSE_FOOTER_CSV 
"Status Message" 
"Finished" 
----END_RESPONSE_FOOTER_CSV 


2) Prepare file1.csv with records to be added 


The CSV file contents identify one or more IPv6 mapping records to be added. The 
columns in the CSV upload file are described below. 


Column Description 

IPv4 (Required) An IPv4 address. The IPv4 address can be 
defined in only one IPv6 mapping record within your 
subscription. 

IPv6 (Required) An IPv6 address. The IPv6 address can be 
defined in only one IPv6 mapping record within your 
subscription. 

ID (Optional) A user-defined, custom ID may be included. 
Important: Custom ID values will not be saved with record 
data within your subscription. 


The CSV file must include the input parameters action=add and csv_data=. The 
parameter all_or_nothing is optional. When set to 1 or unspecified, the service cancels the 
request and does not add any new records if it finds the upload data has one record with 
an IP conflict. When set to 0 the service does not cancel the request if an IP conflict is 
found. 


Sample file1.csv used to add IPv6 mapping records: 


$ cat file1.csv 
action=add&all_or_nothing=1&csv_data= 
"0.0.0.2","2001:470:8418:a18::a0a:1805"%0A 
"0.0.0.3","2001:470:8418:a18::a0a:ab7"%0A 
"0.0.0.4","2001:470:8418:a18::a0a:1849"%0A 
"0.0.0.5","2001:470:8418:a18::a0a:189c"%0A 
"0.0.0.6","2001:470:8418:a18::a0a:189d"%0A 
"0.0.0.8","2001:470:8418:a18::a0a:189e"%0A 
"0.0.0.9","2001:470:8418:a18::a0a:18d0"%0A 
"0.0.0.10","2001:470:8418:a18::a0a:18d1"%0A 
"0.0.0.11","2001:470:8418:a18::a0a:18d2"%0A 
"0.0.0.12","2001:470:8418:a18::a0a:18d6"%0A 
"0.0.0.13","2001:470:8418:a18::a0a:18d7"%0A 
"0.0.0.14","2001:470:8418:a18::a0a:18da"%0A 
"0.0.0.15","2001:470:8418:a18::a0a:18db"%0A 
"0.0.0.16","ff00:abcd::1234"%0A 


3) POST data from file1.csv (Success) 
Input: 


$ curl -u username:password -H "X-Requested-With: curl" 
-d @file1.csv 
"https://qualysguard.api.qualys.com/api/2.0/fo/asset/ip/v4_v6/" 


Output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysguard.api.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2011-11-03T19:31:27Z</DATETIME> 
<TEXT>Successfully imported 14 records</TEXT> 
</RESPONSE> 
</SIMPLE_RETURN> 
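

An added example (not part of the Qualys guide) that checks new mapping records against the CSV list output from step 1 and then builds the upload body from step 2. The function names and the embedded sample data are assumptions; the body is written without line breaks because curl -d @file strips newlines from the file before sending.

```python
"""Check IPv6 mapping records for IP conflicts and build the csv_data body."""
import csv
import ipaddress

MAP_FIRST = ipaddress.IPv4Address("0.0.0.1")
MAP_LAST = ipaddress.IPv4Address("0.254.255.255")
MAX_RECORDS = 10_000  # maximum records per add request, as stated in the guide

# Constructed sample of the action=list CSV output (lines end with CRLF).
SAMPLE_LIST_OUTPUT = (
    "----BEGIN_RESPONSE_BODY_CSV\r\n"
    "ID,IPv4,IPv6\r\n"
    '"46947","0.0.0.7","2001:db8:85a3::8a2e:370:84"\r\n'
    '"47036","0.0.0.1","2001:db8:85a3::8a2e:370:77"\r\n'
    "----END_RESPONSE_BODY_CSV\r\n"
    "----BEGIN_RESPONSE_FOOTER_CSV\r\n"
    '"Status Message"\r\n'
    '"Finished"\r\n'
    "----END_RESPONSE_FOOTER_CSV\r\n"
)


def parse_list_output(text):
    """Return [(record_id, IPv4Address, IPv6Address)] from the CSV body section."""
    lines = text.splitlines()
    start = lines.index("----BEGIN_RESPONSE_BODY_CSV") + 1
    end = lines.index("----END_RESPONSE_BODY_CSV")
    rows = list(csv.reader(lines[start:end]))
    # rows[0] is the ID,IPv4,IPv6 header line.
    return [(row[0], ipaddress.IPv4Address(row[1]), ipaddress.IPv6Address(row[2]))
            for row in rows[1:]]


def find_problems(new_records, existing):
    """Return (ipv4, ipv6, reason) for every record the upload should not contain."""
    used_v4 = {v4 for _, v4, _ in existing}
    used_v6 = {v6 for _, _, v6 in existing}
    problems = []
    for v4_text, v6_text in new_records:
        try:
            v4 = ipaddress.IPv4Address(v4_text)
            v6 = ipaddress.IPv6Address(v6_text)
        except ipaddress.AddressValueError as exc:
            problems.append((v4_text, v6_text, f"invalid address: {exc}"))
            continue
        if not MAP_FIRST <= v4 <= MAP_LAST:
            reason = "IPv4 outside mapping range 0.0.0.1-0.254.255.255"
        elif v4 in used_v4:
            reason = "IPv4 already used in a mapping record"
        elif v6 in used_v6:
            # Compared as parsed addresses, so a different spelling of the
            # same IPv6 address is still reported.
            reason = "IPv6 already used in a mapping record"
        else:
            used_v4.add(v4)
            used_v6.add(v6)
            continue
        problems.append((v4_text, v6_text, reason))
    return problems


def build_upload_bodies(new_records, all_or_nothing=1):
    """Return POST bodies in the file1.csv layout, at most MAX_RECORDS each."""
    bodies = []
    for i in range(0, len(new_records), MAX_RECORDS):
        chunk = new_records[i:i + MAX_RECORDS]
        # Each record ends with %0A (URL-encoded line feed), as in the sample file.
        rows = "".join(f'"{v4}","{v6}"%0A' for v4, v6 in chunk)
        bodies.append(f"action=add&all_or_nothing={all_or_nothing}&csv_data={rows}")
    return bodies
```

With all_or_nothing left at 1, a single record reported by find_problems() would cancel the whole upload, so removing those records first avoids a rejected batch.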


How to Add IPv6 Records in XML 


Review the steps below to learn how to add IPv6 mapping records by submitting the 
records in XML format. A curl client is used to illustrate this process. 


1) View mapping records in XML 
API request: 


$ curl -u username:password -H "X-Requested-With: curl" 
"https://qualysguard.api.qualys.com/api/2.0/fo/asset/ip/v4_v6/?action=list&output_format=xml" 


Output: 
Note: The service automatically returns an ID value in the <ID> element for each IPv6 
mapping record. This ID is assigned by the service when the record is created. 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE IP_MAP_LIST_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/asset/ip/v4_v6/ip_map_list_output.dtd"> 
<IP_MAP_LIST_OUTPUT> 
<RESPONSE> 
<DATETIME>2011-11-28T19:42:10Z</DATETIME> 
<IP_MAP_LIST> 
<IP_MAP> 
<ID>46947</ID> 
<V4>0.0.0.7</V4> 
<V6>2001:db8:85a3::8a2e:370:84</V6> 
</IP_MAP> 
<IP_MAP> 
<ID>47036</ID> 
<V4>0.0.0.1</V4> 
<V6>2001:db8:85a3::8a2e:370:77</V6> 
</IP_MAP> 
</IP_MAP_LIST> 
</RESPONSE> 
</IP_MAP_LIST_OUTPUT> 


2) Prepare file2.xml with records to be added 
The XML file contents identify one or more IPv6 mapping records to be added. The 
elements in the XML upload file are described below. 

Column Description 

<V4> (Required) An IPv4 address. The IPv4 address can be 
defined in only one IPv6 mapping record within your 
subscription. 

<V6> (Required) An IPv6 address. The IPv6 address can be 
defined in only one IPv6 mapping record within your 
subscription. 

<ID> (Optional) A user-defined, custom ID may be included. 
Important: Custom ID values will not be saved with record 
data within your subscription. 


The XML file must include the input parameters action=add and xml_data=. The 
parameter all_or_nothing is optional. When set to 1 or unspecified, the service cancels the 
request and does not add any new records if it finds the upload data has one record with 
an IP conflict. When set to 0 the service does not cancel the request if an IP conflict is 
found. 


Sample file2.xml used to add IPv6 mapping records: 


$ cat file2.xml 
action=add&xml_data= 
<IP_MAP_LIST> 
<IP_MAP> 
<V4>0.0.0.2</V4> 
<V6>2001:470:8418:a18::a0a:1805</V6> 
</IP_MAP> 
<IP_MAP> 
<V4>0.0.0.3</V4> 
<V6>2001:470:8418:a18::a0a:ab7</V6> 
</IP_MAP> 
</IP_MAP_LIST> 


3) POST data from file2.xml (Success) 
API request: 


$ curl -u username:password -H "X-Requested-With: curl" 
-d @file2.xml 
"https://qualysguard.api.qualys.com/api/2.0/fo/asset/ip/v4_v6/" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysguard.api.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2011-11-03T20:59:07Z</DATETIME> 
<TEXT>Successfully imported 2 records</TEXT> 
</RESPONSE> 
</SIMPLE_RETURN> 


Step 3: Enable IPv6 for Scanner Appliance(s) 


IPv6 scanning is supported using a scanner appliance enabled with IPv6. You can enable 
this by editing the appliance within the Qualys user interface. Once IPv6 is enabled, the 
appliance uses stateless address autoconfiguration to obtain an IPv6 address from the 
router (note that stateful configuration through DHCPv6 or Static IPv6 is not supported). 


Step 4: Launch Scan 


Using the Qualys API you can launch scans on the IPv4 addresses which are mapped to 
IPv6 addresses. 


Step 5: View IPv6 Addresses using Host List Detection API 




The scan results XML output will include IPv4 addresses only. Also, scan reports 
downloaded from the user interface will include IPv4 addresses only. 




The host list detection output returned from a host list detection API request 
(api/2.0/fo/asset/host/vm/detection/?action=list ) gives you the IPv6 address, if available, 
along with the “automatic” vulnerability detection data. 
To request a list of VM scanned hosts which have IPv4 addresses that are mapped to IPv6 
addresses in your account, you enter the IPv4 addresses for the ips parameter. 


For example, if the special IPv4 address 0.0.0.199 is mapped to an IPv6 address in your 
account and this IP address has been scanned, you can make this API request: 


curl -H "X-Requested-With: Curl Sample" -u "username:password" 
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list&ips=0.0.0.100" 


XML output returned will show the IPv4 address and the IPv6 address for the host, as 
shown below (XML fragment): 


<HOST> 
<ID>276010</ID> 
<IP>0.0.0.100</IP> 
<IPV6>2001:470:8418:a18::a0a:18c7</IPV6> 
<TRACKING_METHOD>IP</TRACKING_METHOD> 
<OS><![CDATA[Windows 2003 Service Pack 2]]></OS> 
<DNS><![CDATA[mssql2k8-24-199.patch.qualys.com]]></DNS> 
<LAST_SCAN_DATETIME>2018-06-17T19:06:31Z</LAST_SCAN_DATETIME> 
<DETECTION_LIST> 


IPv6 Mapping Record List 


/api/2.0/fo/asset/ip/v4_v6 
[GET] [POST] 


View a list of IPv6 mapping records in the subscription. Each mapping record associates 
one IPv6 address in your network with one IPv4 address in the special mapping range 
0.0.0.1-0.254.255.255. 


A maximum of 5,000 IPv6 mapping records will be processed per request, unless the 
truncation_limit input parameter is specified. If the requested list identifies more than 
5,000 records or the number of records specified using truncation_limit, then the XML 
output includes the <WARNING> element and instructions for making another request for 
the next batch of records. 


Permissions - Managers can view all IPv6 mapping records when the IPv6 Support feature 
is enabled for the user's subscription. Other users do not have permission to view IPv6 
mapping records. 
Input Parameters 


Parameter Description 
action=list (Required) 
echo_request={0|1} (Optional) Show (echo) the request’s input parameters 
(names and values) in the XML output. When not specified, 
parameters are not included in the XML output. Specify 1 
to view parameters in the XML output. 


id_min={value} (Optional) Show only mapping records which have a 
minimum record ID. A valid mapping record ID is required. 
When unspecified, records are not filtered by record ID. 


id_max={value} (Optional) Show only mapping records which have a 
maximum record ID. A valid mapping record ID is required. 


ipv4_filter={value} (Optional) Show only mapping records with certain IPv4 
addresses. When unspecified, records are not filtered by 
IPv4 addresses. 


ipv6_network={value} (Optional) Show only mapping records with certain IPv6 
network addresses. When unspecified, records are not 
filtered by IPv6 network addresses. 


output_format={CSV|XML} (Optional) The requested output format: CSV or XML. 
When unspecified, the output format will be CSV. 
Note: When the service outputs CSV, each line ends with a 
carriage-return and linefeed pair (ASCII/CRLF=0x0D 0x0A). 


truncation_limit={value} (Optional) The maximum number of mapping records to be 
returned by the API request. A valid value is an integer 
between 1 and 1,000,000. When unspecified, 5,000 records 
will be returned. 


DTD 
<platform API server>/api/2.0/fo/asset/ip/v4_v6/asset/ip/v4_v6/ip_map_list_output.dtd 


Sample IPv6 Mapping Records List Output 
How to Add IPv6 Records in CSV 


How to Add IPv6 Records in XML 


Add IPv6 Mapping Records 
/api/2.0/fo/asset/ip/v4_v6 
[POST] 


Add IPv6 mapping records to the subscription. Each mapping record associates one IPv6 
address in your network with one IPv4 address in the special mapping range 0.0.0.1- 
0.254.255.255. A maximum of 10,000 mapping records can be added per API request. 
Permissions - Managers can add IPv6 mapping records, when the IPv6 Support feature is 
enabled for the user's subscription. Other user roles do not have these permissions. 


Input Parameters 


Parameter 


Description 


action=add 


(Required) 


echo_request={0|1} 


(Optional) Show (echo) the request's input parameters 
(names and values) in the XML output. When not specified, 
parameters are not included in the XML output. Specify 1 
to view parameters in the XML output. 


csv_data={value} 


The CSV data file containing the IPv6 mapping records that 
you want to add. This parameter or xml_data must be 
specified. See How to Add IPv6 Records in CSV 


The parameters csv_data and xml_data cannot be 
specified in the same request. 


xml_data={value} 


The CSV data file containing the IPv6 mapping records that 
you want to add. This parameter or csv_data must be 
specified. See How to Add IPv6 Records in XML 


The parameters csv_data and xml_data cannot be 
specified in the same request. 


all_or_nothing={0|1} 


(Optional) This parameter controls how the service 
processes the IPv6 mapping records in the upload data. 
When unspecified or set to 1, the service cancels the 
request and does not add any new records once it finds the 
upload data has one record with an IP conflict. When set to 
0 the service does not cancel the request if an IP conflict is 
found. 


DTD 


<platform API server>/api/2.0/simple_return.dtd 


Sample XML Output 


How to Add IPv6 Records in CSV 
How to Add IPv6 Records in XML 
Networks 


The Network API is used to manage networks when the Network Support feature is 
enabled in the user's subscription. 


Network List 
Create Network 
Update Network 


Assign Scanner Appliance to Network 


Network List 
/api/2.0/fo/network/?action=list 
[GET] [POST] 


List custom networks in your account. 


Permissions - A Manager will view all custom networks in the subscription, a Unit 
Manager will view custom networks in their business unit’s assigned asset groups, and a 
Scanner/Reader will view custom networks in their account’s assigned asset groups. 


Input Parameters 


Parameter Description 
action=list (Required) 
echo_request={0|1} (Optional) Show (echo) the request’s input parameters 
(names and values) in the XML output. When unspecified, 
parameters are not included in the XML output. Specify 1 
to view parameters in the XML output. 


ids={value1,value2} (Optional) Filter the list to view specific networks. 


Sample - List custom networks 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" 
"https://qualysapi.qualys.com/api/2.0/fo/network/?action=list&ids=7343,7345,7350" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE NETWORK_LIST SYSTEM 
"https://qualysapi.qualys.com/network_list_output.dtd"> 
<RESPONSE> 
<DATETIME>2018-05-28T01:06:45Z</DATETIME> 
<NETWORK_LIST> 
<NETWORK> 
<ID>7343</ID> 
<NAME><![CDATA[My New Network]]></NAME> 
<SCANNER_APPLIANCE_LIST> 
<SCANNER_APPLIANCE> 
<ID>1234</ID> 
<FRIENDLY_NAME><![CDATA[abc123]]></FRIENDLY_NAME> 
</SCANNER_APPLIANCE> 
</SCANNER_APPLIANCE_LIST> 
</NETWORK> 
</NETWORK_LIST> 
</RESPONSE> 


DTD 
<platform API server>/api/2.0/fo/network/network_list_output.dtd 


Create Network 


/api/2.0/fo/network/?action=create 


[POST] 


Create a new custom network. 
Permissions - This API is available to Managers only. 


Know more - Before you're ready to start scanning, you'll need to 1) assign scanner 
appliance(s) to your network, and 2) add host assets to your network (assign asset groups 
to it). 


Input Parameters 


Parameter Description 
action=create (Required) 
echo_request={0|1} (Optional) Show (echo) the request’s input parameters 
(names and values) in the XML output. When unspecified, 
parameters are not included in the XML output. Specify 1 
to view parameters in the XML output. 


name={value} (Required) A user-defined friendly name for your network. 
A successful request will return a unique network ID and 
this is used to manage your network using the API. 
Sample - Create custom network 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d 
"action=create&name=My+Network" 
"https://qualysapi.qualys.com/api/2.0/fo/network/" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2018-01-14T04:37:24Z</DATETIME> 
<TEXT>Network created with ID</TEXT> 
<ITEM_LIST> 
<ITEM> 
<KEY>id</KEY> 
<VALUE>1103</VALUE> 
</ITEM> 
</ITEM_LIST> 
</RESPONSE> 
</SIMPLE_RETURN> 


DTD 
<platform API server>/api/2.0/simple_return.dtd 
Update Network 
/api/2.0/fo/network/?action=update 
[POST] 


Create a new custom network. 


Permissions - This API is available to Managers only. 


Input Parameters 




Parameter Description 
action=update (Required) 
echo_request={0|1} (Optional) Show (echo) the request’s input parameters 
(names and values) in the XML output. When unspecified, 
parameters are not included in the XML output. Specify 1 
to view parameters in the XML output. 


name={value} (Required) Specify a new network name. (The network ID is 
assigned by our service and it can’t be changed.) 


Sample - Update network 
API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d 
"id=1130&action=update&name=Network+123" 
"https://qualysapi.qualys.com/api/2.0/fo/network/" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2018-05-20T06:17:06Z</DATETIME> 
<TEXT>Network updated</TEXT> 
<ITEM_LIST> 
<ITEM> 
<KEY>id</KEY> 
<VALUE>1103</VALUE> 
</ITEM> 
<ITEM> 
<KEY>name</KEY> 
<VALUE>Network 123</VALUE> 
</ITEM> 
</ITEM_LIST> 
</RESPONSE> 
</SIMPLE_RETURN> 


DTD 
<platform API server>/api/2.0/simple_return.dtd 


Assign Scanner Appliance to Network 
/api/2.0/fo/appliance/?action=assign_network_id 


[POST] 


Assign a scanner appliance to a network. When the network support feature is enabled for 
your subscription, scanner appliances are assigned to networks. Each appliance can be 
assigned to 1 network only. 


Permissions - This API is available to Managers only. 


Input Parameters 


Parameter Description 
action=assign_network_id (Required) 
echo_request={0|1} (Optional) Show (echo) the request’s input parameters 
(names and values) in the XML output. When unspecified, 
parameters are not included in the XML output. Specify 1 
to view parameters in the XML output. 


appliance_id={value} (Required) ID of the scanner appliance you want to assign 
to a network. 


network_id={value} (Required) ID of the network you want to assign the 
scanner appliance to. 


Sample - Assign scanner appliance to network 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: test" -d 
"action=assign_network_id&appliance_id=506&network_id=1002" 
"https://qualysapi.qualys.com/api/2.0/fo/appliance/" 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2018-03-16T22:50:49Z</DATETIME> 
<TEXT>Success: Network ID=[1103] assigned to Appliance with 
ID=[506]</TEXT> 
</RESPONSE> 
</SIMPLE_RETURN> 


Or, if unsuccessful, the response might look like this: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN> 
<RESPONSE> 
<DATETIME>2018-03-16T22:53:41Z</DATETIME> 
<CODE>1905</CODE> 
<TEXT>parameter network_id has invalid value: 1103 (No such 
network ID)</TEXT> 
</RESPONSE> 
</SIMPLE_RETURN> 


DTD 
<platform API server>/api/2.0/simple_return.dtd 
Reports 


Launch and manage reports in your account. Report Share must be enabled for your 
account. 


Report List 

Launch Report 

Launching Reports Using Asset Tags 

Launching and Fetching Compliance Reports in CSV Format 


Report Template List 


Launch Scorecard 

Cancel Running Report 
Download Saved Report 
Delete Saved Report 
Scheduled Reports List 
Launch Scheduled Report 
Asset Search Report 
Report List 


/api/2.0/fo/report/?action=list 


[GET] [POST] 




View a list of reports in the user’s account when Report Share feature is enabled. The 
report list output includes all report types, including scorecard reports. 


User permissions - Managers and Auditors view all assets in the subscription, Unit 
Managers view assets in their own business unit, Scanners and Readers view assets in 
their own account. 


Input Parameters 


Parameter Description 
action=list (Required) 
echo_request={0|1} (Optional) Specifies whether to echo the request’s input 
parameters (names and values) in the XML output. When not 
specified, parameters are not included in the XML 
output. Specify 1 to view parameters in the XML output. 


id={value} (Optional) Specifies a report ID of a report that is saved in 
the Report Share storage space. When specified, 
information on the selected report will be included in the 
XML output. 


state={value} (Optional) Specifies that reports with a certain state will be 
included in the XML output. By default, all states are 
included. A valid value is: Running (reports are in 
progress), Finished, Submitted, Canceled, or Errors. 


user_login={value} (Optional) Specifies a user login ID. This parameter is used 
to restrict the XML output to reports launched by the 
specified user login ID. 


expires_before_datetime={date} (Optional) Specifies the date and time (optional) when 
reports will expire in the future. Only reports that expire 
before this date/time will be included in the XML output. 


The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] 
format (UTC/GMT), like “2007-07-01” or 
“2007-01-25T23:12:00Z”. 


client_id={value} (Optional) Id assigned to the client (Consultant type 
subscriptions). 


client_name={value} (Optional) Name of the client (Consultant type 
subscriptions). 


Note: The client_id and client_name parameters are 
mutually exclusive and cannot be specified together in the 
same request. 
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Sample - List reports 


curl -H "X-Requested-With: Curl 


Reports 
Report List 


Sample" 


-b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; 


secure" "ht 
- A 


?action=list 


<?xml version="1.0" encoding="UTF-8" 


tps://qualysapi.qualys.com/api/2.0/fo/report/ 


?> 


<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/report/report list output 
.dtd"> 
<REPORT LIST OUTPUT> 
<RESPONSE> 
<DATETIME>2017-10-30T22:32:152Z</DATETIME> 
<REPORT_LIST> 
<REPORT> 
<ID>42703</ID> 
<TITLE><! [CDATA[Test now] ]></TITLE> 
<TYPE>Scan</TYPE> 
<USER_LOGIN>acme_aa</USER_LOGIN> 
<LAUNCH DATETIME>2017-10-30T17:59:22Z</LAUNCH DATETIME> 
<OUTPUT_FORMAT>PDF</OUTPUT_ FORMAT> 
<SIZE>129.1 MB</SIZE> 
<STATUS> 
<STATE>Finished</STATE> 
</STATUS> 
<EXPIRATION DATETIME>2017-11- 
06T17:59:24Z</EXPIRATION DATETIME> 
</REPORT> 
<REPORT> 
<ID>42700</ID> 
<TYPE>Scorecard</TYPE> 
<USER_LOGIN>acme_ts2</USER_LOGIN> 
<LAUNCH DATETIME>2017-10-29T22:12:42Z</LAUNCH DATETIME> 
<OUTPUT_FORMAT>SECURE_PDF</OUTPUT_FORMAT> 
<SIZE>18.1 KB</SIZE> 
<STATUS> 
<STATE>Finished</STATE> 
</STATUS> 
<EXPIRATION DATETIME>2017-11- 
059T22:12:44Z</EXPIRATION DATETIME> 
</REPORT> 
<REPORT> 
<ID>42699</ID> 
<TYPE>Scorecard</TYPE> 
<USER_LOGIN>quays_ts2</USER_LOGIN> 
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<LAUNCH DATETIME>2017-10-29T21:52:19Z</LAUNCH DATETIME> 
<OUTPUT FORMAT>PDF</OUTPUT FORMAT> 
<SIZE>19.87 KB</SIZE> 
<STATUS> 

<STATE>Finished</STATE> 
</STATUS> 
<EXPIRATION DATETIME>2017-11- 
059T21:52:21Z</EXPIRATION DATETIME> 

</REPORT> 
</REPORT_ LIST> 

</RESPONSE> 

</REPORT_ LIST OUTPUT> 


DTD 
<platform API server>/api/2.0/fo/report/report_list_output.dtd 
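

The report list output above can drive a polling client that waits for a launched report to reach the Finished state. The following Python is an added example, not code from Qualys; the function names, the polling use of the list and the second report in the sample (ID 42704) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample in the shape of the REPORT_LIST_OUTPUT shown above; the
# second report (ID 42704, still Running) is invented for this example.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/report/report_list_output.dtd">
<REPORT_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-10-30T22:32:15Z</DATETIME>
    <REPORT_LIST>
      <REPORT>
        <ID>42703</ID>
        <TITLE><![CDATA[Test now]]></TITLE>
        <TYPE>Scan</TYPE>
        <USER_LOGIN>acme_aa</USER_LOGIN>
        <LAUNCH_DATETIME>2017-10-30T17:59:22Z</LAUNCH_DATETIME>
        <OUTPUT_FORMAT>PDF</OUTPUT_FORMAT>
        <SIZE>129.1 MB</SIZE>
        <STATUS><STATE>Finished</STATE></STATUS>
        <EXPIRATION_DATETIME>2017-11-06T17:59:24Z</EXPIRATION_DATETIME>
      </REPORT>
      <REPORT>
        <ID>42704</ID>
        <TYPE>Scan</TYPE>
        <USER_LOGIN>acme_aa</USER_LOGIN>
        <LAUNCH_DATETIME>2017-10-30T22:30:00Z</LAUNCH_DATETIME>
        <STATUS><STATE>Running</STATE></STATUS>
      </REPORT>
    </REPORT_LIST>
  </RESPONSE>
</REPORT_LIST_OUTPUT>
"""

# State values documented for the state parameter.
WAIT_STATES = {"Submitted", "Running"}
FAILED_STATES = {"Canceled", "Errors"}


def _utc(text):
    """Parse the API's YYYY-MM-DDTHH:MM:SSZ timestamps as aware UTC datetimes."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_report_list(xml_text):
    """Return one dict per <REPORT>; elements that are absent come back as None."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)  # the external DTD named in DOCTYPE is not fetched
    if root.tag != "REPORT_LIST_OUTPUT":
        raise ValueError(f"unexpected root element: {root.tag}")
    reports = []
    for rep in root.iterfind("./RESPONSE/REPORT_LIST/REPORT"):
        expires = rep.findtext("EXPIRATION_DATETIME")
        reports.append({
            "id": int(rep.findtext("ID")),
            "title": rep.findtext("TITLE"),
            "type": rep.findtext("TYPE"),
            "user_login": rep.findtext("USER_LOGIN"),
            "output_format": rep.findtext("OUTPUT_FORMAT"),
            "state": rep.findtext("STATUS/STATE"),
            "expires": _utc(expires) if expires else None,
        })
    return reports


def next_step(reports, report_id):
    """Decide what a polling client should do next for one report ID."""
    match = next((r for r in reports if r["id"] == report_id), None)
    if match is None:
        return "missing"
    if match["state"] == "Finished":
        return "fetch"
    if match["state"] in WAIT_STATES:
        return "wait"
    if match["state"] in FAILED_STATES:
        return "failed"
    return "unknown"  # a state value this client does not recognise


def downloadable(reports, now, user_login=None):
    """IDs of Finished reports that have not expired, optionally for one user."""
    return [
        r["id"] for r in reports
        if r["state"] == "Finished"
        and (r["expires"] is None or r["expires"] > now)
        and (user_login is None or r["user_login"] == user_login)
    ]


if __name__ == "__main__":
    listed = parse_report_list(SAMPLE)
    for rid in (42703, 42704):
        print(rid, next_step(listed, rid))
```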


Launch Report 
/api/2.0/fo/report 
[POST] 


Launch a report in the user's account. The Report Share feature must be enabled in the 
user's subscription. When a report is launched with Report Share, the report is run in the 
background, and the report generation processing does not time out until the report has
completed.


User permissions - Managers and Auditors can launch scorecard reports on all assets in 
the subscription, Unit Managers can launch scorecard reports on assets in their own 
business unit, Scanners and Readers can launch scorecard reports on assets in their own 
account. 


Note: The Launch Report API for Compliance Policy Reports is available as part of one of 
the following subscription combinations only: 


- PC and API add-on 
- PC, SCA, and API add-on 
- VMDR, SCA, and API add-on


Parameter Description


action=launch 


(Required) 


echo_request={0|1} 


(Optional) Specifies whether to echo the request’s input 
parameters (names and values) in the XML output. When 
not specified, parameters are not included in the XML 
output. Specify 1 to view parameters in the XML output. 


template_id={value} 


(Required) The template ID of the report you want to
launch. Use the /msp/report_template_list.php API to find
the template ID you're interested in. See Report Template
List.


report_title={value}


(Optional) A user-defined report title. The title may have a
maximum of 128 characters. For a PCI compliance report,
the report title is provided by Qualys and cannot be
changed.


output_format={value} 


(Required) One output format may be specified. Supported
formats for various reports are below.
- map report: pdf, html (a zip file), mht, xml, or csv
- scan report: pdf, html (a zip file), mht, xml, csv, or docx
- remediation report: pdf, html (a zip file), mht, or csv
- compliance report (not PCI): pdf, html (a zip file), or mht
- PCI compliance report: pdf or html (a zip file)
- patch report: pdf, online, xml or csv
- compliance policy report: pdf, html (a zip file), mht, xml,
or csv (see Launching and Fetching Compliance Reports in
CSV Format)


hide_header={0|1}


(Valid for CSV format report only). Specify hide_header=1 
to omit the header information from the report. By default 
this information is included. 


pdf_password={value} 


(Required for secure PDF distribution, Manager or Unit
Manager only)
The password to be used for encryption. Requirements:
- the password must have a minimum of 8 characters
(ascii), and a maximum of 32 characters
- the password must contain alpha and numeric characters
- the password cannot match the password for the user's
Qualys account.
- the password must follow the password security
guidelines defined for your subscription (log into your
account and go to Users > Setup > Security)


recipient_group={value}


(Optional for secure PDF distribution, Manager or Unit
Manager only)
The report recipients in the form of one or more 
distribution group names, as defined using the Qualys UI. 
Multiple distribution groups are comma separated. A 
maximum of 50 distribution groups may be entered. 


The recipient_group parameter can only be specified when 
the pdf_password parameter is also specified. 


The recipient_group parameter cannot be specified in the 
same request as recipient_group_id 


recipient_group_id={value} 


(Optional for secure PDF distribution, Manager or Unit 
Manager only) 
The report recipients in the form of one or more 
distribution group IDs. Multiple distribution group IDs are 
comma separated. Where do I find this ID? Log in to your 
Qualys account, go to Users > Distribution Groups and 
select Info for a group in the list. 


The recipient_group_id parameter can only be specified
when the pdf_password parameter is also specified.


The recipient_group_id parameter cannot be specified in
the same request as recipient_group


MAP REPORT 


report_type=Map 


(Optional)


domain={value} 


(Required for map report) Specifies the target domain for
the map report. Include the domain name only; do not 
enter “www.” at the start of the domain name. When the 
special “none” domain is specified as a parameter value, 
the ip_restriction parameter is required. 


ip_restriction={value} 


(Optional for map report) For a map report, specifies
certain IPs/ranges to include in the report. This parameter 
is required when the domain parameter is specified with 
the value “none” (for the special “none” domain). 


Multiple IPs and/or ranges are comma separated. 


report_refs={value} 


(Required for map report) For a map report, specifies the 
map references (1 or 2) to include. A map reference starts 
with the string “map/” followed by a reference ID number. 
When two map references are given, the report compares 
map results. Two map references are comma separated. 


SCAN REPORT - SCAN BASED FINDINGS


report_type=Scan


(Optional)


report_refs={value}


(Required for Manual scan report) For a Manual scan
report, this parameter specifies the scan references to
include. A scan reference starts with the string “scan/”
followed by a reference ID number. Multiple scan
references are comma separated.


ip_restriction={value}


(Optional for Manual scan report) For a scan report, the
report content will be restricted to the specified IPs/ranges.
Multiple IPs and/or ranges are comma separated.

SCAN REPORT - HOST BASED FINDINGS 

report_type=Scan


(Optional)


ips={value}


(Optional) Specify IPs/ranges to change (overwrite) the
report target, as defined in the report template. Multiple
IPs/ranges are comma separated. When specified, hosts
defined in the report template are not included in the
report.


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags). 


asset_group_ids={value} 


(Optional) Specify asset group IDs to change (overwrite)
the report target, as defined in the report template. When
specified, hosts defined in the report template are not
included in the report.


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags). 


ips_network_id={value} 


(Optional, and valid only when the Network Support
feature is enabled for the user's account) The ID of a
network that is used to restrict the report’s target to the
IPs/ranges specified in the “ips” parameter. Set to a custom
network ID (note this does not filter IPs/ranges specified in
“asset_group_ids”). Or set to “0” (the default) for the Global
Default Network - this is used to report on hosts outside of
your custom networks.


PATCH REPORT 


ips={value} 


(Optional for patch report) Specify IPs/ranges to change 
(override) the report target, as defined in the patch report 
template. Multiple IPs/ranges are comma separated. When 
specified, hosts defined in the report template are not 
included in the report. 


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags).


asset_group_ids={value}


(Optional for patch report) Specify IPs/ranges to change 
(override) the report target, as defined in the patch report 
template. Multiple asset group IDs are comma separated. 
When specified, hosts defined in the report template are 
not included in the report. 


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags). 


REMEDIATION REPORT 


report_type=Remediation 


(Optional)


ips={value} 


(Optional for remediation report) Specify IPs/ranges you 
want to include in the report. Multiple IPs and/or ranges 
are comma separated. 


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags).


asset_group_ids={value} 


(Optional for remediation report) Specify asset group IDs 
that identify hosts you want to include in the report. 
Multiple asset group IDs are comma separated. 


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags).


assignee_type={User|All}


(Optional for remediation report) Specifies whether the
report will include tickets assigned to the current user
(User is set by default), or all tickets in the user account. By
default tickets assigned to the current user are included.


COMPLIANCE REPORT 


report_type=Compliance 


(Optional) For compliance type report. Compliance type 
reports are Qualys Top 20 Report, SANS Top 20 Report, 
Qualys PCI Executive Report, and Qualys PCI Technical 
Report. 


ips={value} 


(Optional for compliance report) For a compliance report 
(except a PCI report), specify the IPs/ranges you want to 
include in the report. Multiple IPs and/or ranges are 
comma separated. 


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags). 


Optional: Qualys Top 20 Report, SANS Top 20 Report 


Invalid: PCI Executive Report, PCI Technical Report


asset_group_ids={value}


(Optional for compliance report) For a compliance report 
(except a PCI report), specify asset groups IDs which 
identify hosts to include in the report. Multiple asset group 
IDs are comma separated. 


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags). 


Optional: Qualys Top 20 Report, SANS Top 20 Report 


Invalid: PCI Executive Report, PCI Technical Report 


report_refs={value} 


(Required for PCI compliance report) For a PCI compliance 
report, either the technical or executive report, this 
parameter specifies the scan reference to include. A scan 
reference starts with the string “scan/” followed by a 
reference ID number. The scan reference must be for a 
scan that was run using the PCI Options profile. Only one 
scan reference may be specified. 


Required: PCI Executive Report, PCI Technical Report 
Invalid: Qualys Top 20 Report, SANS Top 20 Report 


COMPLIANCE POLICY REPORT


report_type=Policy 


(Optional) 


policy_id={value} 


(Required) Specifies the policy to run the report on. A valid 
policy ID must be entered. 


asset_group_ids={value} 


(Optional) Specify asset group IDs if you want to include
only certain asset groups in your report. These asset 
groups must be assigned to the policy you are reporting on. 
Multiple asset group IDs are comma separated. 


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags). 


ips={value} 


(Optional) Specify IPs/ranges if you want to include only 
certain IP addresses in your report. These IPs must be 
assigned to the policy you're reporting on. Multiple entries 
are comma separated. 


You can specify ips and/or asset_group_ids, or asset tags 
(see Launching Reports Using Asset Tags). 


host_id={value} 


(Optional) In the policy report output, show only results 
for a single host instance. Specify the ID for the host to 
include in the report. A valid host ID must be entered. 


This parameter must be specified with instance_string.


instance_string={value}


(Optional) Specifies a single instance on the selected host.
The instance string may be “os” or a string like
“oracle10:1:1521:ora10204u”.


Use the Compliance Posture Information API (with the
endpoint /api/2.0/fo/compliance/posture/info) to find the
appropriate instance string.


This parameter must be specified with host_id. 


DTD 
<platform API server>/api/2.0/simple_return.dtd 


Sample - Launch Report


curl -H "X-Requested-With: Curl Sample"
-d "action=launch&template_id=55469&output_format=pdf"
-b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api;
secure" "https://qualysapi.qualys.com/api/2.0/fo/report/"


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE GENERIC SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2017-06-20T21:45:23Z</DATETIME>
    <TEXT>New report launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1665</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Launching Reports Using Asset Tags


It's possible to select asset tags for both vulnerability and compliance reports. Use the 
following tag parameters to launch your report using asset tags. 


Parameter 


Description 


use_tags={0|1}


(Optional) Specify 1 when your report target will include
asset tags. Specify 0 (the default) when your report target
will include IP addresses/ranges and/or asset groups. When
not specified, use_tags=0 is used.


tag_include_selector={all|any}


(Optional) Select “any” (the default) to include hosts that
match at least one of the selected tags. Select “all” to 
include hosts that match all of the selected tags. 


tag_include_selector is valid only when use_tags=1 is 
specified. 


tag_exclude_selector={all|any}


(Optional) Select “any” (the default) to exclude hosts that
match at least one of the selected tags. Select “all” to 
exclude hosts that match all of the selected tags. 


tag_exclude_selector is valid only when use_tags=1 is 
specified. 


tag_set_by={id|name} 


(Optional) Specify “id” (the default) to select a tag set by 
providing tag IDs. Specify “name” to select a tag set by 
providing tag names. 


tag_set_by is valid only when use_tags=1 is specified. 


tag_set_include={value} 


(Optional) Specify a tag set to include. Hosts that match
these tags will be included. You identify the tag set by 
providing tag name or IDs. Multiple entries are comma 
separated. 


tag_set_include is valid only when use_tags=1 is specified. 


tag_set_exclude={value} 


(Optional) Specify a tag set to exclude. Hosts that match
these tags will be excluded. You identify the tag set by 
providing tag name or IDs. Multiple entries are comma 
separated. 


tag_set_exclude is valid only when use_tags=1 is specified. 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d
"action=launch&template_id=55469&report_title=My+Windows+Report&output_format=pdf&use_tags=1&tag_set_by=name&tag_set_include=Windows"
"https://qualysapi.qualys.com/api/2.0/fo/report/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE GENERIC SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2014-02-20T21:45:23Z</DATETIME>
    <TEXT>New report launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1665</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
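

The Launch Report parameter tables and the asset tag parameters above carry several cross-parameter rules (secure PDF distribution, the special "none" domain, host_id with instance_string, tag parameters only with use_tags=1). The following Python is an added example, not Qualys code, that checks a launch request against those rules before it is sent; the function names are hypothetical, parameter values are assumed to be strings, and the password guidelines set per subscription cannot be checked locally.

```python
import hmac
from urllib.parse import urlencode

# Output formats per report_type value, taken from the output_format entry above.
FORMATS = {
    "Map": {"pdf", "html", "mht", "xml", "csv"},
    "Scan": {"pdf", "html", "mht", "xml", "csv", "docx"},
    "Remediation": {"pdf", "html", "mht", "csv"},
    "Compliance": {"pdf", "html", "mht"},  # PCI reports accept pdf or html only
    "Policy": {"pdf", "html", "mht", "xml", "csv"},
}
# Parameters the page marks as valid only when use_tags=1 is specified.
TAG_ONLY = ("tag_include_selector", "tag_exclude_selector", "tag_set_by",
            "tag_set_include", "tag_set_exclude")


def check_pdf_password(password, account_password=None):
    """Return the documented pdf_password requirements that `password` violates."""
    errors = []
    if not password.isascii():
        errors.append("pdf_password must be ASCII")
    if not 8 <= len(password) <= 32:
        errors.append("pdf_password must be 8 to 32 characters")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        errors.append("pdf_password must contain alpha and numeric characters")
    if account_password is not None and hmac.compare_digest(
            password.encode(), account_password.encode()):
        errors.append("pdf_password must differ from the account password")
    return errors


def validate_launch(params, account_password=None):
    """Return a list of rule violations for a launch request (empty if none)."""
    errors = []
    for required in ("template_id", "output_format"):
        if not params.get(required):
            errors.append(f"{required} is required")
    if len(params.get("report_title", "")) > 128:
        errors.append("report_title exceeds 128 characters")
    allowed = FORMATS.get(params.get("report_type"))
    fmt = params.get("output_format", "")
    if allowed and fmt and fmt.lower() not in allowed:
        errors.append(f"output_format {fmt} is not listed for {params['report_type']} reports")
    password = params.get("pdf_password")
    if password is not None:
        errors += check_pdf_password(password, account_password)
    groups = [k for k in ("recipient_group", "recipient_group_id") if k in params]
    if len(groups) == 2:
        errors.append("recipient_group and recipient_group_id cannot be combined")
    if groups and password is None:
        errors.append(f"{groups[0]} requires pdf_password")
    if len(params.get("recipient_group", "").split(",")) > 50:
        errors.append("recipient_group lists more than 50 distribution groups")
    if params.get("domain") == "none" and not params.get("ip_restriction"):
        errors.append("domain=none requires ip_restriction")
    if ("host_id" in params) != ("instance_string" in params):
        errors.append("host_id and instance_string must be specified together")
    if str(params.get("use_tags", "0")) != "1":
        stray = [k for k in TAG_ONLY if k in params]
        if stray:
            errors.append(", ".join(stray) + " require use_tags=1")
    return errors


def launch_body(params, account_password=None):
    """Build the form-encoded POST body, refusing requests that break a rule."""
    errors = validate_launch(params, account_password)
    if errors:
        raise ValueError("; ".join(errors))
    # Sent as the POST body (curl -d in the samples), so pdf_password never
    # appears in the request URL.
    return urlencode({"action": "launch", **params})


if __name__ == "__main__":
    print(launch_body({"template_id": "55469", "output_format": "pdf"}))
```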


Launching and Fetching Compliance Reports in CSV Format 


Policy Compliance Reporting Service (PCRS) is a new reporting service to improve 
performance in Policy Compliance report generation. With PCRS, we've enhanced policy 
reports in CSV format by automatically compressing large size reports. When you run a 
policy report in CSV format, the report will be in ZIP format if the report size is between
1 GB and 5 GB; while reports less than 1 GB will be in CSV format. Similar improvements to
other report formats will be added soon. You can download reports from the user 
interface or fetch reports by using APIs. 


Note: This feature will be automatically enabled for customers with the release of Qualys 
Policy Compliance Reporting Service 1.0.0. Contact Qualys Support if you do not want this 
feature to be enabled for your subscription. 


Important: If you are currently using the Report API to launch and fetch 
compliance policy reports in CSV format, then it’s important to note that once 
PCRS is enabled for your subscription, any CSV compliance policy report that is 
over 1GB in size will be compressed automatically and you will get a ZIP file 
instead of a CSV file. You'll need to update your code or work with your 3rd 
party vendor to monitor the response header and if the report is compressed, 
add a step to uncompress the ZIP file before parsing the data. 


When fetching a report using the API, the response header will indicate if the report is 
compressed or not. See the API samples that follow. 


- In case of compressed reports, header content-type is - application/zip 


- In case of uncompressed reports, header content-type is - text/csv 


Sample: Report size more than 1 GB 
In this sample, the report being downloaded is more than 1GB in size.


API Request


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d 
"action=fetch&id=<REPORT ID>" 
"https://qualysapi.qualys.com/api/2.0/fo/report/" 


Response Header 


You'll notice that the header Content-Type is "application/zip" 


* About to connect() to qualysapi.xxx.qualys.com port <PORT NUMBER> (#0)
*   Trying XX.XX.X.XXX
* Connected to qualysapi.xxx.qualys.com (xx.xx.x.xxx) port <PORT NUMBER> (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=*.xxx.qualys.com,OU=Engineering,O="Qualys, Inc.",L=Foster City,ST=California,C=US
*   start date: Sep 16 09:45:00 2020 GMT
*   expire date: Sep 16 09:45:00 2022 GMT
*   common name: *.xxx.qualys.com
*   issuer: E=xx@qualys.com,CN=Qualys Ops T2vl,OU=Operations,O="Qualys, Inc.",L=Redwood City,ST=California,C=US
* Server auth using Basic with user '<USER NAME>'
> POST /api/2.0/fo/report/ HTTP/1.1
> Authorization: <AUTHORIZATION TOKEN>
> User-Agent: curl/7.29.0
> Host: qualysapi.xxx.qualys.com
> Accept: */*
> X-Requested-With:curl demo2
> Content-Length: 22
> Content-Type: application/x-www-form-urlencoded
>
} [data not shown]
* upload completely sent off: 22 out of 22 bytes
< HTTP/1.1 200 OK
< Date: Thu, 07 Oct 2021 11:15:03 GMT
< Server: Qualys
< Strict-Transport-Security: max-age=63072000;
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-RateLimit-Limit: 300
< X-RateLimit-Window-Sec: 3600
< X-Concurrency-Limit-Limit: 2
< X-Concurrency-Limit-Running: 0
< X-RateLimit-ToWait-Sec: 0
< X-RateLimit-Remaining: 297
< Content-Length: 221540169
< Connection: keep-alive
< Content-Disposition: attachment; filename=<FILENAME>.zip
< Content-Type: application/zip


Sample: Report size less than 1 GB
In this sample, the report being downloaded is less than 1GB in size. 


API Request 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d 
"action=fetch&id=<REPORT ID>" 
"https://qualysapi.qualys.com/api/2.0/fo/report/" 


Response Header 


You'll notice that the header Content-Type is "text/csv;charset=UTF-8" 


* About to connect() to qualysapi.xxx.qualys.com port <PORT NUMBER> (#0)
*   Trying XX.XX.X.XXX...
* Connected to qualysapi.xxx.qualys.com (xx.xx.x.xxx) port <PORT NUMBER> (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=*.xxx.qualys.com,OU=Engineering,O="Qualys, Inc.",L=Foster City,ST=California,C=US
*   start date: Sep 16 09:45:00 2020 GMT
*   expire date: Sep 16 09:45:00 2022 GMT
*   common name: *.xxx.qualys.com
*   issuer: E=xx@qualys.com,CN=Qualys Ops T2vl1,OU=Operations,O="Qualys, Inc.",L=Redwood City,ST=California,C=US
* Server auth using Basic with user '<user name>'
> POST /api/2.0/fo/report/ HTTP/1.1
> Authorization: <AUTHORIZATION TOKEN>
> User-Agent: curl/7.29.0
> Host: qualysapi.xxx.qualys.com
> Accept: */*
> X-Requested-With:curl demo2
> Content-Length: 22
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 22 out of 22 bytes
< HTTP/1.1 200 OK
< Date: Thu, 07 Oct 2021 11:16:21 GMT
< Server: Qualys
< Strict-Transport-Security: max-age=63072000;
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-RateLimit-Limit: 300
< X-RateLimit-Window-Sec: 3600
< X-Concurrency-Limit-Limit: 2
< X-Concurrency-Limit-Running: 0
< X-RateLimit-ToWait-Sec: 0
< X-RateLimit-Remaining: 296
< Content-Length: 294850
< Connection: keep-alive
< Content-Disposition: attachment; filename=Compliance_Report_PCRA_326_XXX.CSV
< Content-Type: text/csv;charset=UTF-8
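

The two fetch samples above differ only in the Content-Type response header, which is what a client has to branch on before parsing. The following Python is an added example, not Qualys code: the function names, the size cap, the CSV columns in the sample data and the assumption that a compressed report holds exactly one UTF-8 CSV file are all illustrative.

```python
import csv
import io
import zipfile
from email.message import Message

# Assumption: the page says compressed reports are between 1 GB and 5 GB, so
# refuse archives whose declared uncompressed size is well beyond that.
MAX_CSV_BYTES = 6 * 1024**3

# Constructed sample data; the column names are not taken from a real report.
SAMPLE_CSV = b"Host IP,Control ID,Status\r\n10.0.0.5,1045,Passed\r\n"


def content_type(headers):
    """Return (media type, charset) from a header mapping, ignoring key case."""
    value = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    msg = Message()
    msg["Content-Type"] = value
    return msg.get_content_type(), msg.get_content_charset("utf-8")


def open_report_csv(headers, body):
    """Return a text stream of CSV data for a fetched compliance policy report.

    `body` is a seekable binary file object (for a multi-gigabyte report, a
    temporary file on disk rather than an in-memory buffer).
    """
    ctype, charset = content_type(headers)
    if ctype == "text/csv":
        return io.TextIOWrapper(body, encoding=charset, newline="")
    if ctype != "application/zip":
        raise ValueError(f"unexpected Content-Type: {ctype}")
    archive = zipfile.ZipFile(body)
    members = [m for m in archive.infolist() if not m.is_dir()]
    if len(members) != 1 or not members[0].filename.lower().endswith(".csv"):
        raise ValueError("expected exactly one CSV file in the archive")
    if members[0].file_size > MAX_CSV_BYTES:
        raise ValueError("declared CSV size exceeds the configured limit")
    # The member is streamed from the archive, never extracted to a path
    # derived from its file name.
    return io.TextIOWrapper(archive.open(members[0]), encoding="utf-8", newline="")


def iter_rows(headers, body):
    """Yield CSV rows one at a time, whichever form the report arrived in."""
    yield from csv.reader(open_report_csv(headers, body))


def report_rows(headers, body):
    """Convenience wrapper for small reports: all rows as a list."""
    return list(iter_rows(headers, body))


def build_sample_zip(files):
    """Build an in-memory ZIP from {name: bytes}; used only for the demo data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    plain = report_rows({"Content-Type": "text/csv;charset=UTF-8"}, io.BytesIO(SAMPLE_CSV))
    zipped = report_rows({"Content-Type": "application/zip"},
                         build_sample_zip({"report.csv": SAMPLE_CSV}))
    print(plain == zipped, plain)
```

Both traces above report "skipping SSL peer certificate verification"; a client that sends Basic credentials should keep certificate verification enabled when it fetches the report.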


Report Template List 
/msp/report_template_list.php 
[GET] [POST] 


List available report templates, including template titles and IDs, in the user account. The 
report list includes templates for all report types. 


DTD 
<platform API server>/report_template_list.dtd 


Sample - Report template list 
API request: 


curl -u username:password -H "X-Requested-With: curl"
"https://qualysapi.qualys.com/msp/report_template_list.php"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_TEMPLATE_LIST SYSTEM
"https://qualysapi.qualys.com/report_template_list.dtd">
<REPORT_TEMPLATE_LIST>
  <REPORT_TEMPLATE>
    <ID>235288</ID>
    <TYPE>Auto</TYPE>
    <TEMPLATE_TYPE>Scan</TEMPLATE_TYPE>
    <TITLE><![CDATA[Windows Authentication QIDs]]></TITLE>
    <USER>
      <LOGIN><![CDATA[acme_jk]]></LOGIN>
      <FIRSTNAME><![CDATA[Jason]]></FIRSTNAME>
      <LASTNAME><![CDATA[Kim]]></LASTNAME>
    </USER>
    <LAST_UPDATE>2018-02-12T18:09:10Z</LAST_UPDATE>
    <GLOBAL>0</GLOBAL>
  </REPORT_TEMPLATE>
  <REPORT_TEMPLATE>
    <ID>235164</ID>
    <TYPE>Auto</TYPE>
    <TEMPLATE_TYPE>Policy</TEMPLATE_TYPE>
    <TITLE><![CDATA[My Policy Report Template]]></TITLE>
    <USER>
      <LOGIN><![CDATA[acme_vs]]></LOGIN>
      <FIRSTNAME><![CDATA[Victor]]></FIRSTNAME>
      <LASTNAME><![CDATA[Smith]]></LASTNAME>
    </USER>
    <LAST_UPDATE>2017-12-09T22:47:58Z</LAST_UPDATE>
    <GLOBAL>0</GLOBAL>
  </REPORT_TEMPLATE>
  <REPORT_TEMPLATE>
    <ID>232556</ID>
    <TYPE>Auto</TYPE>
    <TEMPLATE_TYPE>Scan</TEMPLATE_TYPE>
    <TITLE><![CDATA[Executive Report]]></TITLE>
    <USER>
      <LOGIN><![CDATA[acme_jk]]></LOGIN>
      <FIRSTNAME><![CDATA[Jason]]></FIRSTNAME>
      <LASTNAME><![CDATA[Kim]]></LASTNAME>
    </USER>
    <LAST_UPDATE>2017-11-11T17:11:55Z</LAST_UPDATE>
  </REPORT_TEMPLATE>
  <REPORT_TEMPLATE>
    <ID>232557</ID>
    <TYPE>Auto</TYPE>
    <TEMPLATE_TYPE>Scan</TEMPLATE_TYPE>
    <TITLE><![CDATA[Technical Report]]></TITLE>
    <USER>
      <LOGIN><![CDATA[acme_jk]]></LOGIN>
      <FIRSTNAME><![CDATA[Jason]]></FIRSTNAME>
      <LASTNAME><![CDATA[Kim]]></LASTNAME>
    </USER>
    <GLOBAL>1</GLOBAL>
  </REPORT_TEMPLATE>
</REPORT_TEMPLATE_LIST>


Each <REPORT_TEMPLATE> element identifies template properties, including the report 
template ID, template type and title, in the sub-elements described below. 


Element Description
<ID> The template ID number.
<TYPE> The template type: Auto (for automatic) or Manual.
<TEMPLATE_TYPE> The report template type:
Scan (for a scan report template)
Map (for a map report template)
Remediation (for a remediation report template)
Compliance (for a compliance report template)
Policy (for a compliance policy report template)
Patch (for a patch report template)
<TITLE> The template title, as defined in the Qualys user interface.
<USER> The template owner, identified by login, first name and
last name. For a system template, the login “system” is
reported.
<LAST_UPDATE> The most recent date and time when the template was
updated.
<GLOBAL> For a global template, the value 1 appears. For a non-global
template, the value 0 appears.


Launch Scorecard 
/api/2.0/fo/report/scorecard 
[POST] 


Launch a vulnerability scorecard report in the user’s Report Share. It is not possible to 
launch any compliance scorecard reports or WAS scorecard reports using this API at this 
time. 


When a scorecard report is launched, the report is run in the background, and the report
generation processing does not time out until the report has completed.


User Permissions - Managers and Auditors can launch scorecard reports on all assets in 
the subscription, Unit Managers can launch scorecard reports on assets in their own 
business unit, Scanners and Readers can launch scorecard reports on assets in their own 
account. 


Input Parameters 


Parameter Description


action=launch


(Required)


echo_request={0|1}


(Optional) Specifies whether to echo the request’s input
parameters (names and values) in the XML output. When
unspecified, parameters are not included in the XML
output. Specify 1 to view parameters in the XML output.


name={value} 


(Required) Specifies the scorecard name for the 
vulnerability scorecard report that you want to launch. 
This name corresponds to a service-provided scorecard or 
a user-created scorecard. For a service-provided scorecard, 
specify one of these names: 

Asset Group Vulnerability Report 

Ignored Vulnerabilities Report 

Most Prevalent Vulnerabilities Report 

Most Vulnerable Hosts Report 

Patch Report 


report_title={value}


(Optional) Specifies a user-defined report title. The title 
may have a maximum of 128 characters. When 
unspecified, the report title will be the scorecard name. 


output_format={value} 


(Required) Specifies the output format of the report. One 
output format may be specified. A valid value is: 
pdf, html (a zip file), mht, xml, or csv. 


When output_format=pdf is specified, the Secure PDF 
Distribution may be used. See “Sample - Launch Report.” 


hide_header={0|1}


(Valid for CSV format report only). Specify hide_header=1
to omit the header information from the report. By default
this information is included.


pdf_password={value}


(Required for secure PDF distribution, Manager or Unit
Manager only) The password to be used for encryption. The
password may have a maximum of 32 characters (ascii).
The password cannot match the password for the user’s
Qualys login account. The password must follow the
password security guidelines defined for the user’s
subscription.


Conditions:
a) The pdf_password parameter can only be specified by a
Manager or Unit Manager.


b) The pdf_password parameter can only be specified when
Report Share is enabled for your subscription and the
option “Enable Secure PDF Distribution” is selected (log
into your account and go to Users > Setup > Security).


recipient_group={value}


(Optional for secure PDF distribution, Manager or Unit
Manager only)
The report recipients in the form of one or more
distribution group names, as defined in your Qualys
account. Each distribution group identifies a list of users
who will receive the secure PDF report. Multiple
distribution groups are comma separated. A maximum of
50 distribution groups may be entered.


Conditions:
a) The recipient_group parameter can only be specified
when the pdf_password parameter is also specified.


b) The recipient_group parameter can only be specified by
a Manager or Unit Manager.


c) The recipient_group parameter can only be specified
when Report Share is enabled for your subscription and
the option “Enable Secure PDF Distribution” is selected
(Setup > Report Share).


d) The recipient_group parameter cannot be specified in
the same request as recipient_group_id


recipient_group_id={value}


(Optional for secure PDF distribution, Manager or Unit
Manager only) The report recipients in the form of one or
more distribution group IDs. Multiple distribution group
IDs are comma separated. Where do I find this ID? Log in
to your Qualys account, go to Users > Distribution Groups
and select Info for a group in the list.


Conditions:
a) The recipient_group_id parameter can only be specified
when the pdf_password parameter is also specified.


b) The recipient_group_id parameter can only be specified
by a Manager or Unit Manager.


c) The recipient_group_id parameter can only be specified
when Report Share is enabled for your subscription and
the option “Enable Secure PDF Distribution” is selected
(Setup > Report Share).


d) The recipient_group_id parameter cannot be specified in
the same request as recipient_group


source={value} 


(Conditional) The source asset groups for the report. 
Specify asset_groups to select asset groups. Specify 
business_unit to select all the asset groups in a business 
unit. 


For a user scorecard, this parameter is optional. When 
unspecified, the source selection set in the scorecard 
attributes (as defined in your Qualys account) is used. 


Conditions: 
a) The source parameter is required for a service-provided 
scorecard. 


b) For a user scorecard, the source selection specified in 
the source parameter replaces an existing source selection 
set in the scorecard attributes (as defined in your Qualys 
account). If you set this parameter to asset_groups, you 
must specify one of these parameters: asset_groups or 
all_asset_groups. If you set this parameter to business_unit 
then you must specify one or more of these parameters: 
business_unit, division, function and/or location.


asset_groups={value}


(Conditional) The titles of asset groups to be used as source 
asset groups for the scorecard report. One or more asset 
group titles in your account may be specified. Multiple 
asset group titles are comma separated. 


Conditions: 
a) The asset_groups parameter can only be specified when 
source=asset_groups. 


b) These parameters cannot be specified for the same API 
request: asset_groups and all_asset_groups. 


all_asset_groups={1} 


(Conditional) Set to 1 to select all asset groups available in 
your account as the source asset groups for the scorecard 
report. 


Conditions: 
a) The asset_groups parameter can only be specified when 
source=asset_groups. 


b) These parameters cannot be specified for the same API 
request: asset_groups and all_asset_groups. 


business_unit={value} 


(Conditional for a Manager; not valid for other users) 

The title of a business unit containing the source asset 
groups for the scorecard report. All asset groups in the 
business unit will be included in the report source. You 
may enter the title of a business unit in your account that 
was created by a Manager user, or you may enter 
“Unassigned” for the unassigned business unit. 


For a user scorecard, the business unit replaces an existing 
business unit set in the scorecard attributes (as defined in 
your Qualys account). If an empty value is set 
(business_unit=), the existing business unit in the 
scorecard attributes is not included in the scorecard 
parameters submitted with the API request. 


Conditions: 

a) When source=business_unit, one or more of these 
parameters must be specified: business_unit, division, 
function and/or location. 


b) The business_unit parameter can only be specified by a 
Manager.


division={value}


(Conditional) A business info tag identifying a division that 
asset group(s) belong to. The tag must be defined for an 
asset group in your account. When specified, only asset 
groups with this tag are included in the scorecard report 
source. 


For a user scorecard, the division tag replaces an existing 
tag set in the scorecard attributes (as defined in your 
Qualys account). If an empty value is set (division=), the
existing division tag in the scorecard attributes is not 
included in the scorecard parameters submitted with the 
API request. 


Conditions: 
a) When source=business_unit, one or more of these
parameters must be specified: business_unit, division,
function and/or location.


b) The division parameter can only be specified when 
source=business_unit. 


function={value} 


(Conditional) A business info tag identifying a business 
function for asset group(s). The tag must be defined for an 
asset group in your account. When specified, only asset 
groups with this tag are included in the scorecard report 
source. 


For a user scorecard, the function tag replaces an existing
function tag set in the scorecard attributes (as defined in
your Qualys account). If an empty value is set (function=),
the existing function tag in the scorecard attributes is not
included in the scorecard parameters submitted with the
API request.


Conditions: 

a) When source=business_unit, one or more of these 
parameters must be specified: business_unit, division, 
function and/or location. 


b) The function parameter can only be specified when 
source=business_unit. 




location={value} 


(Conditional) A business info tag identifying a location 
where asset group(s) are located. The tag must be defined 
for an asset group in your account. When specified, only 
asset groups with this tag are included in the scorecard 
report source. 


For a user scorecard, the location tag replaces an existing 
location tag set in the scorecard attributes (as defined in 
your Qualys account). If an empty value is set (location=), 
the existing location tag in the scorecard attributes is not 
included in the scorecard parameters submitted with the 
API request. 


Conditions: 

a) When source=business_unit, one or more of these 
parameters must be specified: business_unit, division, 
function and/or location. 


b) The location parameter can only be specified when 
source=business_unit. 


patch_qids={value} 


(Conditional for Patch Report scorecard; not valid for other
scorecards)
Up to 10 QIDs for vulnerabilities or potential vulnerabilities 
with available patches. Multiple QIDs are comma 
separated. When the QIDs are detected on a host this 
means the host does not have the patches installed and it 
will be reported in the scorecard output. 


For a user-defined Patch Report, the patch QIDs list 
replaces the patch QIDs list set in the scorecard attributes 
(as defined in your Qualys account). If an empty value is 
set (patch_qids=), the existing patches QIDs list in the 
scorecard attributes is not included in the scorecard 
parameters submitted with the API request. 


Conditions: 
a) The patch_qids parameter may be specified only for a 
Patch Report. 


b) For a Patch Report, patch_qids or missing_qids must be
specified. Both parameters may be specified together.


missing_qids={value}


(Conditional for Patch Report scorecard; not valid for other
scorecards)


One or two QIDs for missing software. Two QIDs are 
comma separated. Typically missing software QIDs are 
information gathered checks. When the QIDs are not 
detected on a host this means the host is missing software 
and it will be reported in the scorecard output. 


For a user-defined Patch Report, the missing QIDs list 
replaces the missing QIDs list set in the scorecard 
attributes (as defined in your Qualys account). If an empty 
value is set (missing_qids=), the existing missing QIDs list
in the scorecard attributes is not included in the scorecard 
parameters submitted with the API request. 


Conditions: 
a) The missing_qids parameter may be specified only for a
Patch Report. 


b) For a Patch Report, patch_qids or missing_qids must be 
specified. Both parameters may be specified together. 


DTD 
<platform API server>/api/2.0/simple_return.dtd 


Cancel Running Report 
/api/2.0/fo/report 
[POST] 


Cancel a running report in the user’s account. This is an option when Report Share is 
enabled in the user’s subscription. 


User permissions - Managers can cancel any running report. Unit Managers can cancel a 
running report in their own business unit (report launched by user in their own business 
unit). Scanners and Readers can cancel their own running report.


Input Parameters


Parameter Description 

action=cancel (Required) 

id={value} (Required) Specifies the report ID of a running report that 
you want to cancel. The status of the report must be 
“running”. 

echo_request={0|1} (Optional) Specifies whether to echo the request’s input
parameters (names and values) in the XML output. When
not specified, parameters are not included in the XML
output. Specify 1 to view parameters in the XML output.


Sample - Cancel running report 
curl -H "X-Requested-With: Curl Sample" \
-d "action=cancel&id=1462" \
-b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
"https://qualysapi.qualys.com/api/2.0/fo/report/"


DTD 
<platform API server>/api/2.0/simple_return.dtd 


Download Saved Report 
/api/2.0/fo/report/ 
[GET] [POST] 


Download a saved report in the user’s account. You can download all report types (map, 
scan, patch, authentication, scorecard, remediation, compliance). This option is available 
when the Report Share feature is enabled in the user’s subscription. 


Downloading a Policy Report in CSV format? When PCRS is enabled for your subscription, 
we'll automatically compress large CSV policy reports and you'll get a Zip file instead of 
CSV when the report is greater than 1GB in size. See Launching and Fetching Compliance 
Reports in CSV Format for important details. 


User permissions - Managers can download any saved report. Unit Managers can 
download a saved report in their own business unit (reports launched by users in their 
own business unit). Scanners and Readers can download their own saved report. 


Input Parameters 


Parameter Description

action=fetch (Required)

id={value} (Required) Specifies the report ID of a saved report that you
want to download. The status of the report must be
“finished”.

echo_request={0|1} (Optional) Specify 1 to view input parameters in the XML
output. When not specified, parameters are not included in
the XML output.

Where do I get the report ID?
Run the report list API 


API request: 


curl -X POST -H "X-Requested-With:POSTMAN" -H "Authorization:Basic cXV---" \
-F action=list \
https://qualysapi.qualys.com/api/2.0/fo/report/


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/report/report_list_output.dtd">
<REPORT_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-07-02T15:29:52Z</DATETIME>
    <REPORT_LIST>
      <REPORT>
        <ID>7592049</ID>
        <TITLE><![CDATA[FIXED Vuln Report]]></TITLE>
        <TYPE>Scan</TYPE>
        <USER_LOGIN>acme_url5</USER_LOGIN>
        <LAUNCH_DATETIME>2018-07-02T14:52:45Z</LAUNCH_DATETIME>
        <OUTPUT_FORMAT>HTML</OUTPUT_FORMAT>
        <SIZE>-</SIZE>
        <STATUS>
          <STATE>Running</STATE>
          <MESSAGE><![CDATA[Rendering...]]></MESSAGE>
          <PERCENT>80</PERCENT>
        </STATUS>
        <EXPIRATION_DATETIME>2018-07-30T14:52:48Z</EXPIRATION_DATETIME>
      </REPORT>
      <REPORT>
        <ID>7589800</ID>
        <TITLE><![CDATA[My Authentication Report]]></TITLE>
        <TYPE>Authentication</TYPE>
        <USER_LOGIN>acme_eel17</USER_LOGIN>
        <LAUNCH_DATETIME>2018-07-02T07:00:21Z</LAUNCH_DATETIME>
        <OUTPUT_FORMAT>PDF</OUTPUT_FORMAT>
        <SIZE>15 KB</SIZE>
        <STATUS>
          <STATE>Finished</STATE>
        </STATUS>
        <EXPIRATION_DATETIME>2018-07-30T07:00:24Z</EXPIRATION_DATETIME>
      </REPORT>
    </REPORT_LIST>
  </RESPONSE>
</REPORT_LIST_OUTPUT>


Another option - go to the user interface 


Within the user interface find the report you want to download (go to Reports > Reports) 
then choose View Report. In the Report Information window, at the top you'll see the ID in 
the window URL after id= like this: 


https://qualysguard.qualys.qualys.com/fo/report/view_report.php?id=2281953


Sample - Download report 


curl -H "X-Requested-With: Curl Sample" \
-b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
"https://qualysapi.qualys.com/api/2.0/fo/report/?action=fetch&id=1462"


DTD 
<platform API server>/asset_data_report.dtd


Delete Saved Report
/api/2.0/fo/report 
[POST] 


Delete a saved report in the user’s account. This option is available when the Report Share 
feature is enabled in the user’s subscription. 


User permissions - Managers can delete any saved report. Unit Managers can delete a 
saved report in their own business unit (report launched by users in their own business 
unit). Scanners and Readers can delete their own saved report. 


Input Parameters 


Parameter Description 
action=delete (Required) 
id={value} (Required) Specifies the report ID of a saved report in
Report Share that you want to delete. The status of the
report must be “finished”.


echo_request={0|1} (Optional) Specifies whether to echo the request’s input
parameters in the XML output. When not specified,
parameters are not included in the XML output. Specify 1
to view parameters in the XML output.


Sample - Delete saved report 


curl -H "X-Requested-With: Curl Sample" \
-d "action=delete&id=1234" \
-b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" \
"https://qualysapi.qualys.com/api/2.0/fo/report/"


DTD 
<platform API server>/api/2.0/simple_return.dtd 
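

The state rules in the three sections above (cancel needs a running report; download and delete need a finished one) can be checked against the report list output before any request is sent. The following Python is an added example, not Qualys code; the function names are hypothetical and the sample response is constructed, trimmed from the report list output shown earlier.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample, modelled on the report list output shown above.
SAMPLE_REPORT_LIST = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/report/report_list_output.dtd">
<REPORT_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-07-02T15:29:52Z</DATETIME>
    <REPORT_LIST>
      <REPORT>
        <ID>7592049</ID>
        <TITLE><![CDATA[FIXED Vuln Report]]></TITLE>
        <TYPE>Scan</TYPE>
        <OUTPUT_FORMAT>HTML</OUTPUT_FORMAT>
        <STATUS><STATE>Running</STATE><PERCENT>80</PERCENT></STATUS>
        <EXPIRATION_DATETIME>2018-07-30T14:52:48Z</EXPIRATION_DATETIME>
      </REPORT>
      <REPORT>
        <ID>7589800</ID>
        <TITLE><![CDATA[My Authentication Report]]></TITLE>
        <TYPE>Authentication</TYPE>
        <OUTPUT_FORMAT>PDF</OUTPUT_FORMAT>
        <STATUS><STATE>Finished</STATE></STATUS>
        <EXPIRATION_DATETIME>2018-07-30T07:00:24Z</EXPIRATION_DATETIME>
      </REPORT>
    </REPORT_LIST>
  </RESPONSE>
</REPORT_LIST_OUTPUT>"""

# Report state each action requires, as stated in the parameter tables above.
REQUIRED_STATE = {"cancel": "running", "fetch": "finished", "delete": "finished"}


def _utc(text):
    """Parse the API's ISO 8601 'Z' timestamps into aware datetimes."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_report_list(xml_text):
    """Return (response_time, reports) from a report list response."""
    # The response names an external DTD; the stdlib parser does not fetch it.
    # Inline entity declarations have no place in this output, so refuse them
    # rather than expand them.
    if "<!ENTITY" in xml_text:
        raise ValueError("unexpected entity declaration in report list")
    root = ET.fromstring(xml_text)
    if root.tag != "REPORT_LIST_OUTPUT":
        raise ValueError("not a report list response: %s" % root.tag)
    response_time = _utc(root.findtext("RESPONSE/DATETIME"))
    reports = []
    for node in root.iterfind("RESPONSE/REPORT_LIST/REPORT"):
        report_id = (node.findtext("ID") or "").strip()
        if not report_id.isdigit():
            raise ValueError("non-numeric report ID: %r" % report_id)
        expires = node.findtext("EXPIRATION_DATETIME")
        reports.append({
            "id": report_id,
            "title": (node.findtext("TITLE") or "").strip(),
            "type": node.findtext("TYPE"),
            "format": node.findtext("OUTPUT_FORMAT"),
            # The XML capitalises the state ("Running"); normalise it.
            "state": (node.findtext("STATUS/STATE") or "").strip().lower(),
            "expires": _utc(expires) if expires else None,
        })
    return response_time, reports


def eligible_ids(reports, action):
    """IDs of the reports whose state allows the given action."""
    wanted = REQUIRED_STATE[action]
    return [r["id"] for r in reports if r["state"] == wanted]


def build_request(report, action):
    """Request parameters for one action, refusing a report in the wrong state."""
    wanted = REQUIRED_STATE[action]
    if report["state"] != wanted:
        raise ValueError("action=%s needs a %s report, but %s is %s"
                         % (action, wanted, report["id"], report["state"]))
    return {"action": action, "id": report["id"]}


def days_until_expiry(report, now):
    """Whole days left before the saved report expires."""
    return (report["expires"] - now).days


if __name__ == "__main__":
    now, reports = parse_report_list(SAMPLE_REPORT_LIST)
    for r in reports:
        allowed = [a for a, s in REQUIRED_STATE.items() if s == r["state"]]
        print(r["id"], r["state"], allowed, days_until_expiry(r, now), "days left")
```
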

Scheduled Reports List
/api/2.0/fo/schedule/report/ with action=list 
[GET] [POST] 


List scheduled reports in your account. 


Input parameters 


Parameter Description 
action=list (Required) 
id={value} (Optional) Show only 1 scheduled report that has the 


report ID you specify. 


is_active={0|1} (Optional) Active and inactive scheduled reports are listed 
by default. Specify 1 to list active scheduled reports only, 
or specify 0 to list inactive scheduled reports only. 


Sample - List all scheduled reports in account 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/schedule/report/?action=list"


DTD 
<platform API server>/api/2.0/fo/schedule/report/schedule_report_list_output.dtd


Launch Scheduled Report
/api/2.0/fo/schedule/report/ with action=launch_now 


[POST] 


Launch a scheduled report now. 


Input parameters 


Parameter Description 
action=launch_now (Required) 
id={value} (Required) A valid scheduled report ID. 


Sample - Launch scheduled report 


curl -H "X-Requested-With: Curl" -u USERNAME:PASSWORD -X "POST" -d \
"action=launch_now&id=12345" \
"https://qualysapi.qualys.com/api/2.0/fo/schedule/report/"


DTD 
<platform API server>/api/2.0/simple_return.dtd 


Asset Search Report 


/api/2.0/fo/report/asset/?action=search 


[GET] [POST] 


Download report on assets you're interested in. 


Input parameters 


Parameter Description 
action=search (Required) 
output_format={csv|xml} (Required) The output format of the asset search
report. One output format may be specified: csv or xml.


tracking_method={value} (Optional) Show only IP addresses/ranges which have a
certain tracking method. Valid values: IP, DNS,
NETBIOS, AZURE VM, EC2, AGENT


ips={value} (Optional) Use this parameter if you want to include
only certain IP addresses in the report. One or more
IPs/ranges may be specified. Multiple entries are
comma separated. An IP range is specified with a
hyphen (for example, 10.10.10.1-10.10.10.100).


One of these parameters must be specified in a
request: ips, asset_groups, asset_group_ids, or
use_tags.


ips_network_id={value} (Optional) The network ID applied on IPs. The default
value is ALL.


asset_group_ids={value} (Optional) The IDs of asset groups containing the hosts
to be included in the asset search report. Multiple IDs
are comma separated.


One of these parameters must be specified in a
request: ips, asset_groups, asset_group_ids, or
use_tags.


asset_groups={value} (Optional) The titles of asset groups containing the
hosts to be included in the asset search report. Multiple
titles are comma separated.


One of these parameters must be specified in a
request: ips, asset_groups, asset_group_ids, or
use_tags.


assets_in_my_network_only={0|1} (Optional) Specify 1 to include the specified asset
groups and/or IP ranges. Valid for 'All' Asset Group
and/or specified IP ranges.


ec2_instance_status={value} (Optional) Specify the EC2 instance status to be
searched. Possible values: RUNNING, TERMINATED,
PENDING, STOPPING, SHUTTING_DOWN, STOPPED.
Values are case-sensitive.


ec2_instance_status is valid only when
tracking_method=EC2 or tracking_method=AGENT is
specified. See EC2 search samples


ec2_instance_id={value} (Optional) Specify the EC2 instance ID to be searched.
See EC2 search samples


ec2_instance_id is valid only when
ec2_instance_id_modifier is specified


ec2_instance_id_modifier={value} (Optional) Show only hosts with ec2_instance_id that is
either: beginning with, containing, matching, ending
with, not empty. See EC2 search samples


ec2_instance_id_modifier is valid only when
ec2_instance_id is specified


azure_vm_state={value} (Optional) Specify the Azure virtual machine state to be
searched. Possible values are: STARTING, RUNNING,
STOPPING, STOPPED, DEALLOCATING, DEALLOCATED,
UNKNOWN. Values are case-sensitive.


azure_vm_state is valid only when
tracking_method=AZURE VM or
tracking_method=AGENT is specified.


azure_vm_id={value} (Optional) Specify the Azure virtual machine ID to be
searched.


azure_vm_id is valid only when azure_vm_id_modifier
is specified.


azure_vm_id_modifier={value} (Optional) Show only assets with azure_vm_id that is
either: beginning with, containing, matching, ending
with, not empty.


azure_vm_id_modifier is valid only when azure_vm_id
is specified.


display_ag_titles={0|1} (Optional) Specify 1 to display AssetGroup Titles for
each Host in the output. Otherwise the AssetGroup
Titles are not displayed in the output.


ports={value} (Optional) Shows the hosts that have the specified open
ports. One or more ports may be specified. Multiple
ports are comma separated. You can specify up to 10
values.


services={value} (Optional) Shows the hosts that have the specified
services running on them. One or more services may be
specified. Multiple services are comma separated. You
can specify up to 10 values.


qids={value} (Optional) Shows vulnerabilities (QIDs) in the
KnowledgeBase applicable to the host. Allows up to 20
values.


qid_with_text={value} (Optional) Shows vulnerabilities (QIDs) with the
specified text in the KnowledgeBase applicable to the
host.


qid_with_text is valid only when qids parameter is
specified.


qid_with_modifier={value} (Optional) Show only hosts with QID that is either:
beginning with, containing, matching, ending with.


qid_with_modifier is valid only when qid_with_text is
specified.


use_tags={0|1} (Optional) Specify 0 (the default) if you want to select
hosts based on IP addresses/ranges and/or asset
groups. Specify 1 if you want to select hosts based on
asset tags.


One of these parameters must be specified in a
request: ips, asset_groups, asset_group_ids, or
use_tags.


tag_set_by={id|name} (Optional when use_tags=1) Specify “id” (the default) to
select a tag set by providing tag IDs. Specify “name” to
select a tag set by providing tag names.


tag_include_selector={any|all} (Optional when use_tags=1) Select “any” (the default) to
include hosts that match at least one of the selected
tags. Select “all” to include hosts that match all of the
selected tags.


tag_exclude_selector={any|all} (Optional when use_tags=1) Select “any” (the default) to
exclude hosts that match at least one of the selected
tags. Select “all” to exclude hosts that match all of the
selected tags.


tag_set_include={value} (Required when use_tags=1) Specify a tag set to
include. Hosts that match these tags will be included.
You identify the tag set by providing tag name or IDs.
Multiple entries are comma separated.


tag_set_exclude={value} (Optional when use_tags=1) Specify a tag set to
exclude. Hosts that match these tags will be excluded.
You identify the tag set by providing tag name or IDs.
Multiple entries are comma separated.


first_found_days={value} (Optional) Specify a number of days along with the
first_found_modifier so that the range includes the
first found date to be searched for.


first_found_days is valid only when
first_found_modifier is specified.


first_found_modifier={within|not within} (Optional) Show only hosts whose first found date is
within or not within the specified days.


first_found_modifier is valid only when
first_found_days is specified.


last_vm_scan_days={value} (Optional) Specify a number of days so that it includes
the last vm scan date to be searched for.


last_vm_scan_days is valid only when
last_vm_scan_modifier is specified.


last_vm_scan_modifier={within|not within} (Optional) Show only hosts whose last_vm_scan_date
is within or not within the specified days.


last_vm_scan_modifier is valid only when
last_vm_scan_days is specified.


last_pc_scan_days={value} (Optional) Specify a number of days so that the
specified value along with the modifier forms the date
range that includes the last scan date to be searched
for.


This parameter is valid only when the policy 
compliance module is enabled for the user account. 


last_pc_scan_modifier= (Optional) Show only hosts whose last_pc_scan_date is 
{within|not within} within or not within the specified days. 


This parameter is valid only when the policy 
compliance module is enabled for the user account. 


last_scap_scan_days={value} (Optional) Specify a number of days so that the
specified value along with the modifier forms the date
range that includes the last SCAP scan date to be
searched for.


This parameter is valid only when the policy 
compliance module is enabled for the user account. 


last_scap_scan_modifier= (Optional) Show only hosts whose last_scap_scan_date 
{within|not within} is within or not within the specified days. 


This parameter is valid only when the policy 
compliance module is enabled for the user account. 


dns_name={value} (Optional) Specify the DNS name of the host that needs 
to be searched. 


dns_name is valid only when dns_modifier is specified. 


dns_modifier={value} (Optional) Show only hosts with dns_name that is 
either: beginning with, containing, matching, ending 
with, not empty. 


dns_modifier is valid only when dns_name is specified. 


netbios_name={value} (Optional) Specify the NETBIOS name of the host to be 
searched. 


netbios_name is valid only when netbios_modifier is 
specified. 


netbios_modifier={value} (Optional) Show only hosts with netbios_name that is 
either: beginning with, containing, matching, ending 
with, not empty. 


netbios_modifier is valid only when netbios_name is 
specified. 


os_cpe_name={value} (Optional) Specify the OS CPE name of the host to be
searched.


os_cpe_name is valid only when os_cpe_modifier is
specified.


os_cpe_modifier={value} (Optional) Show only hosts with os_cpe_name that is
either: beginning with, containing, matching, ending
with, not empty.


os_cpe_modifier is valid only when os_cpe_name is
specified.


os_name={value} 


(Optional) Specify the operating system name of the 
host to be searched. 


os_name is valid only when os_modifier is specified. 


os_modifier={value} 


(Optional) Show only hosts with os_name that is either: 
beginning with, containing, matching, ending with. 


os_modifier is valid only when os_name is specified. 
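

The table above carries many cross-parameter rules (paired name/modifier parameters, value limits, state filters tied to a tracking method), so a request is easier to get right when it is checked before it is sent. The following Python is an added example, not Qualys code: `validate_asset_search` and `check_ips` are hypothetical names, the sample request is constructed from the EC2 sample in this section, and rejecting tag_* parameters without use_tags=1 is this example's reading of the table.

```python
import ipaddress

TRACKING_METHODS = {"IP", "DNS", "NETBIOS", "AZURE VM", "EC2", "AGENT"}
# State filters: (allowed values, tracking methods they are valid with).
STATE_RULES = {
    "ec2_instance_status": ({"RUNNING", "TERMINATED", "PENDING", "STOPPING",
                             "SHUTTING_DOWN", "STOPPED"}, {"EC2", "AGENT"}),
    "azure_vm_state": ({"STARTING", "RUNNING", "STOPPING", "STOPPED",
                        "DEALLOCATING", "DEALLOCATED", "UNKNOWN"},
                       {"AZURE VM", "AGENT"}),
}
# Parameters the table declares valid only when their partner is specified.
PAIRS = [
    ("ec2_instance_id", "ec2_instance_id_modifier"),
    ("azure_vm_id", "azure_vm_id_modifier"),
    ("first_found_days", "first_found_modifier"),
    ("last_vm_scan_days", "last_vm_scan_modifier"),
    ("dns_name", "dns_modifier"), ("netbios_name", "netbios_modifier"),
    ("os_cpe_name", "os_cpe_modifier"), ("os_name", "os_modifier"),
]
# (parameter, parameter it depends on)
REQUIRES = [("qid_with_text", "qids"), ("qid_with_modifier", "qid_with_text")]
MAX_VALUES = {"ports": 10, "services": 10, "qids": 20}
TAG_PARAMS = ("tag_set_by", "tag_include_selector", "tag_exclude_selector",
              "tag_set_include", "tag_set_exclude")
SELECTORS = ("ips", "asset_groups", "asset_group_ids", "use_tags")


def check_ips(value):
    """Return problems in a comma-separated list of IPs and hyphenated ranges."""
    problems = []
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split("-")]
        try:
            addrs = [ipaddress.ip_address(p) for p in parts]
        except ValueError:
            problems.append("ips: %r is not an IP address or range" % entry)
            continue
        reversed_or_mixed = len(addrs) == 2 and (
            addrs[0].version != addrs[1].version or addrs[0] > addrs[1])
        if len(addrs) > 2 or reversed_or_mixed:
            problems.append("ips: %r is not a valid range" % entry)
    return problems


def validate_asset_search(params):
    """Return the rule violations in an asset search request (empty list = OK)."""
    def has(name):
        return params.get(name) not in (None, "")

    problems = []
    if params.get("action") != "search":
        problems.append("action must be search")
    if params.get("output_format") not in ("csv", "xml"):
        problems.append("output_format must be csv or xml")
    if not any(has(p) for p in SELECTORS):
        problems.append("one of %s is required" % ", ".join(SELECTORS))
    method = params.get("tracking_method")
    if has("tracking_method") and method not in TRACKING_METHODS:
        problems.append("tracking_method: unknown value %r" % method)
    for name, (values, methods) in STATE_RULES.items():
        if not has(name):
            continue
        if params[name] not in values:  # values are case-sensitive
            problems.append("%s: unknown value %r" % (name, params[name]))
        if method not in methods:
            problems.append("%s needs tracking_method in %s" % (name, sorted(methods)))
    for left, right in PAIRS:
        if has(left) != has(right):
            problems.append("%s and %s must be specified together" % (left, right))
    for name, needed in REQUIRES:
        if has(name) and not has(needed):
            problems.append("%s is valid only when %s is specified" % (name, needed))
    for name, limit in MAX_VALUES.items():
        if has(name) and len(params[name].split(",")) > limit:
            problems.append("%s allows up to %d values" % (name, limit))
    use_tags = str(params.get("use_tags", "0")) == "1"
    if use_tags and not has("tag_set_include"):
        problems.append("tag_set_include is required when use_tags=1")
    if not use_tags:  # assumption: tag_* parameters are rejected without use_tags=1
        problems += ["%s is valid only when use_tags=1" % n
                     for n in TAG_PARAMS if has(n)]
    if has("ips"):
        problems += check_ips(params["ips"])
    return problems


# Constructed request, mirroring the EC2 instance ID sample in this section.
EC2_SAMPLE = {
    "action": "search", "output_format": "xml", "tracking_method": "EC2",
    "use_tags": "1", "tag_set_by": "name", "tag_set_include": "useasttag",
    "ec2_instance_id": "i-0fb7086f985856fa4",
    "ec2_instance_id_modifier": "containing",
}
```

The Qualys API remains the authority on what it accepts; a check like this only catches mistakes before credentials and a request leave the client.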


Sample - Request Asset Search report 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
"https://qualysapi.qualys.com/api/2.0/fo/report/asset/?action=search&output_format=xml&echo_request=1&ips=10.10.10.10-10.10.10.20"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_SEARCH_REPORT SYSTEM
"https://qualysapi.qualys.com/asset_search_report_v2.dtd">
<ASSET_SEARCH_REPORT>
  <HEADER>
    <REQUEST>
      <DATETIME>2018-06-03T20:21:13Z</DATETIME>
      <USER_LOGIN>john_sm</USER_LOGIN>
      <RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/report/asset/</RESOURCE>
      <PARAM_LIST>
        <PARAM>
          <KEY>action</KEY>
          <VALUE>search</VALUE>
        </PARAM>
        <PARAM>
          <KEY>output_format</KEY>
          <VALUE>xml</VALUE>
        </PARAM>
        <PARAM>
          <KEY>echo_request</KEY>
          <VALUE>1</VALUE>
        </PARAM>
        <PARAM>
          <KEY>ips</KEY>
          <VALUE>10.10.10.10-10.10.10.15</VALUE>
        </PARAM>
      </PARAM_LIST>
    </REQUEST>
    <COMPANY>Corsa</COMPANY>
    <USERNAME>John Smith</USERNAME>
    <GENERATION_DATETIME>2018-06-03T20:21:13Z</GENERATION_DATETIME>
    <TOTAL>2</TOTAL>
    <FILTERS>
      <IP_LIST>
        <RANGE>
          <START>10.10.10.10</START>
          <END>10.10.10.15</END>
        </RANGE>
      </IP_LIST>
    </FILTERS>
  </HEADER>
  <HOST_LIST>
    <HOST>
      <IP><![CDATA[10.10.10.10]]></IP>
      <TRACKING_METHOD>IP address</TRACKING_METHOD>
      <OPERATING_SYSTEM><![CDATA[Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP]]></OPERATING_SYSTEM>
      <LAST_SCAN_DATE>2018-06-03T09:11:21Z</LAST_SCAN_DATE>
      <FIRST_FOUND_DATE>2018-06-03T07:11:46Z</FIRST_FOUND_DATE>
    </HOST>
    <HOST>
      <IP><![CDATA[10.10.10.11]]></IP>
      <TRACKING_METHOD>IP address</TRACKING_METHOD>
      <DNS><![CDATA[10-10-10-11.bogus.tld]]></DNS>
      <NETBIOS><![CDATA[SYS_10_10_10_11]]></NETBIOS>
      <OPERATING_SYSTEM><![CDATA[Windows 2000 Server Service Pack 4]]></OPERATING_SYSTEM>
      <LAST_SCAN_DATE>2018-06-03T07:12:47Z</LAST_SCAN_DATE>
      <LAST_COMPLIANCE_SCAN_DATE>2018-05-13T21:15:01Z</LAST_COMPLIANCE_SCAN_DATE>
      <FIRST_FOUND_DATE>2018-05-12T15:16:54Z</FIRST_FOUND_DATE>
    </HOST>
  </HOST_LIST>
</ASSET_SEARCH_REPORT>


DTD:


<platform API server>/asset_search_report_v2.dtd 


Sample - Asset Search report CSV 


CSV output: 
----BEGIN_RESPONSE_HEADER_CSV
"Launch Datetime","User Login","Resource","Parameter Name","Parameter Value"
"2018-06-07T22:51:23Z","john_sm","https://qualysapi.qualys.com/api/2.0/fo/report/asset/",,
,,,"action","search"
,,,"output_format","csv"
,,,"echo_request","1"
,,,"ips","10.10.10.10-10.10.10.20"
----END_RESPONSE_HEADER_CSV
"Company","UserName","ReportDate","AssetGroups","IPAddresses","DNSHostname","NetBIOSHostname","TargetTrackingMethod","TargetOperatingSystem","TargetService","TargetPort","TargetQID","QIDTitle","TargetLastScanDate","TargetFirstFoundDate","OSCPE","Tags","TargetComplianceLastScanDate","Total"
"Corsa","John Smith","2018-06-07T22:51:23Z",,"10.10.10.10-

O10: Os 20" y yw apu py ee

"IP","DNSHostname","NetBIOSHostname","OperatingSystem","OSCPE","Port/Service/Default Service","TrackingMethod","LastScanDate","LastComplianceScanDate","First Found","Tags"
"10.10.10.10",,,"Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP",,,"IP address","2018-06-03T09:11:21Z",,"2018-06-03T07:11:46Z",
"10.10.10.11",,"SYS_10_10_10_11",,,,"IP address","2018-06-03T07:12:47Z","2018-05-13T21:15:01Z","2018-05-12T15:16:54Z",


Sample - Asset Search Report in XML output for Azure VM instances 


This sample will return the asset search report in XML format. In XML output, you'll see
these Azure VM instance specific tags: FILTER_AZURE_VM_ID, FILTER_AZURE_VM_STATE
with Azure filter values.


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
"https://qualysapi.qualys.com/api/2.0/fo/report/asset/?action=search&asset_groups=All&azure_vm_id=399af5dc-c32a-4c40-95a5-c6ed0e786430&azure_vm_id_modifier=beginning+with&tracking_method=AZURE+VM&azure_vm_state=RUNNING&output_format=xml"
XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_SEARCH_REPORT SYSTEM
"https://qualysapi.qualys.com/asset_search_report_v2.dtd">
<ASSET_SEARCH_REPORT>
  <HEADER>
    <COMPANY><![CDATA[Qualys]]></COMPANY>
    <USERNAME>Patrick Slimmer</USERNAME>
    <GENERATION_DATETIME>2020-06-22T23:24:25Z</GENERATION_DATETIME>
    <TOTAL>1</TOTAL>
    <FILTERS>
      <ASSET_GROUPS>
        <ASSET_GROUP_TITLE><![CDATA[All]]></ASSET_GROUP_TITLE>
      </ASSET_GROUPS>
      <FILTER_AZURE_VM_ID><![CDATA[Beginning With 399af5dc-c32a-4c40-95a5-c6ed0e786430]]></FILTER_AZURE_VM_ID>
      <TRACKING_METHOD><![CDATA[Azure VM]]></TRACKING_METHOD>
      <FILTER_AZURE_VM_STATE><![CDATA[RUNNING]]></FILTER_AZURE_VM_STATE>
    </FILTERS>
  </HEADER>
  <HOST_LIST>
    <HOST>
      <IP><![CDATA[10.4.8.4]]></IP>
      <TRACKING_METHOD>Azure VM</TRACKING_METHOD>
      <CLOUD_PROVIDER>Azure</CLOUD_PROVIDER>
      <CLOUD_SERVICE>VM</CLOUD_SERVICE>
      <CLOUD_RESOURCE_ID><![CDATA[399af5dc-c32a-4c40-95a5-c6ed0e786430]]></CLOUD_RESOURCE_ID>
      <!-- <EC2_INSTANCE_ID> tag has been deprecated. Please refer to
      <CLOUD_RESOURCE_ID> tag for the same information //-->
      <EC2_INSTANCE_ID><![CDATA[399af5dc-c32a-4c40-95a5-c6ed0e786430]]></EC2_INSTANCE_ID>


Sample - Search EC2 asset with certain EC2 instance ID 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=search&output_format=xml&tracking_method=EC2&use_tags=1&tag_set_by=name&tag_set_include=useasttag&ec2_instance_id=i-0fb7086f985856fa4&ec2_instance_id_modifier=containing" \
"https://qualysapi.qualys.com/api/2.0/fo/report/asset/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_SEARCH_REPORT SYSTEM
"https://qualysapi.qualys.com/asset_search_report_v2.dtd">
<ASSET_SEARCH_REPORT>
  <HEADER>
    <COMPANY><![CDATA[qualys-test]]></COMPANY>
    <USERNAME>qualys ps</USERNAME>
    <GENERATION_DATETIME>2018-04-11T10:17:32Z</GENERATION_DATETIME>
    <TOTAL>1</TOTAL>
    <FILTERS>
      <ASSET_TAGS>
        <INCLUDED_TAGS scope="any">
          <ASSET_TAG><![CDATA[useasttag]]></ASSET_TAG>
        </INCLUDED_TAGS>
      </ASSET_TAGS>
      <TRACKING_METHOD><![CDATA[EC2]]></TRACKING_METHOD>
    </FILTERS>
  </HEADER>
  <HOST_LIST>
    <HOST>
      <IP><![CDATA[10.73.188.6]]></IP>
      <HOST_TAGS><![CDATA[EC2, Virginia, agec2, sada-0117-targets, sada-new-0308, useasttag;
]]></HOST_TAGS>
      <TRACKING_METHOD>EC2</TRACKING_METHOD>
      <DNS><![CDATA[ip-10-73-188-6.ec2.internal]]></DNS>
      <EC2_INSTANCE_ID><![CDATA[i-0fb7086f985856fa4]]></EC2_INSTANCE_ID>
      <LAST_SCAN_DATE />
      <FIRST_FOUND_DATE />
    </HOST>
  </HOST_LIST>
</ASSET_SEARCH_REPORT>

Sample - Search EC2 assets with certain status 


Search all EC2 assets which are currently in TERMINATED state and having instance ID
i-0b121b9211d7e25cb.


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d \
"action=search&output_format=xml&tracking_method=EC2&use_tags=1&tag_set_by=name&tag_set_include=useasttag&ec2_instance_status=TERMINATED&ec2_instance_id=i-0b121b9211d7e25cb&ec2_instance_id_modifier=containing" \
"https://qualysapi.qualys.com/api/2.0/fo/report/asset/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_SEARCH_REPORT SYSTEM
"https://qualysapi.qualys.com/asset_search_report_v2.dtd">
<ASSET_SEARCH_REPORT>
  <HEADER>
    <COMPANY><![CDATA[qualys-test]]></COMPANY>
    <USERNAME>sada-customer customer</USERNAME>
    <GENERATION_DATETIME>2018-04-11T10:49:05Z</GENERATION_DATETIME>
    <TOTAL>1</TOTAL>
    <FILTERS>
      <ASSET_TAGS>
        <INCLUDED_TAGS scope="any">
          <ASSET_TAG><![CDATA[useasttag]]></ASSET_TAG>
        </INCLUDED_TAGS>
      </ASSET_TAGS>
      <TRACKING_METHOD><![CDATA[EC2]]></TRACKING_METHOD>
    </FILTERS>
  </HEADER>
  <HOST_LIST>
    <HOST>
      <IP><![CDATA[10.90.2.175]]></IP>
      <HOST_TAGS><![CDATA[EC2, Vriginia, por-6586, sada-0117-targets, sada-new-0308, useasttag;
]]></HOST_TAGS>
      <TRACKING_METHOD>EC2</TRACKING_METHOD>
      <DNS><![CDATA[i-0b121b9211d7e25cb]]></DNS>
      <EC2_INSTANCE_ID><![CDATA[i-0b121b9211d7e25cb]]></EC2_INSTANCE_ID>
      <LAST_SCAN_DATE />
      <FIRST_FOUND_DATE />
    </HOST>
  </HOST_LIST>
</ASSET_SEARCH_REPORT>


Sample - Search assets with SCAP scan performed 
API request: 


curl -u "username:password" -H "X-Requested-With: curl" -d \
"action=search&output_format=xml&asset_groups=Winodws+7+Scap&last_scap_scan_days=300&last_scap_scan_modifier=within" \
"https://qualysapi.qualys.com/api/2.0/fo/report/asset/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_SEARCH_REPORT SYSTEM
"https://qualysapi.qualys.com/asset_search_report_v2.dtd">
<ASSET_SEARCH_REPORT>
<HEADER>
<COMPANY><![CDATA[qualys]]></COMPANY>
<USERNAME>POC Manager</USERNAME>
<GENERATION_DATETIME>2018-11-06T00:42:13Z</GENERATION_DATETIME>
<TOTAL>26</TOTAL>
<FILTERS>
<ASSET_GROUPS>
<ASSET_GROUP_TITLE><![CDATA[Winodws 7 Scap]]></ASSET_GROUP_TITLE>
</ASSET_GROUPS>
<FILTER_LAST_SCAP_SCAN_DATE><![CDATA[Within 300]]></FILTER_LAST_SCAP_SCAN_DATE>
</FILTERS>
</HEADER>
<HOST_LIST>
<HOST>
<IP><![CDATA[10.10.10.10]]></IP>
<TRACKING_METHOD>IP address</TRACKING_METHOD>
<DNS><![CDATA[bridge.qualys.com]]></DNS>
<NETBIOS><![CDATA[WIN7-10-10]]></NETBIOS>
<OPERATING_SYSTEM><![CDATA[Windows 7 Ultimate 64 bit Edition Service Pack 1]]></OPERATING_SYSTEM>
<OS_CPE><![CDATA[cpe:/o:microsoft:windows_7::sp1:x64-ultimate:]]></OS_CPE>
<LAST_SCAN_DATE>2018-10-18T20:55:10Z</LAST_SCAN_DATE>
<LAST_COMPLIANCE_SCAN_DATE>2018-08-14T21:57:53Z</LAST_COMPLIANCE_SCAN_DATE>
<LAST_SCAP_SCAN_DATE>2018-09-28T…:06Z</LAST_SCAP_SCAN_DATE>
<FIRST_FOUND_DATE>2018-04-03T23:18:26Z</FIRST_FOUND_DATE>
</HOST>
VM Report Templates


The Report Template API is used to manage report templates and their settings in the 
user's subscription. 


API Support for Report Templates 
Scan Template 

PCI Scan Template 

Patch Template 

Map Template 


API Support for Report Templates 


You can now use APIs to create custom reports with views on your scan results and the 
current vulnerabilities on your hosts. Use various report templates provided by Qualys as 
a starting point. 


APIs are now available to perform various actions on templates for the following report 
types: Scan Template, PCI Scan Template, Patch Template, Map Template 


The Report Template API allows users to perform the following actions. 


Action   Supported Access Method   Description
Create   POST                      Create a report template. A unique template ID is
                                   generated for the new template.
Update   PUT                       Update an existing report template.
Delete   POST                      Delete an existing report template.
Export   GET                       Export a specific report template based on the
                                   template ID, or all templates for the report type.


Once your template is set up the way you want, you can run reports from it using the
Report API /api/2.0/fo/report.
Scan Template
/api/2.0/fo/report/template/scan/


Perform actions such as create, update, delete and export on the Scan Template. 


Scan Template Request 


A summary of API Endpoint URLs is provided below. 


Action API Endpoint /required parameters Method


Create Scan Template <base_url>/api/2.0/fo/report/template/scan/ POST
Required parameters:
action=create
report_format=xml


Update Scan Template <base_url>/api/2.0/fo/report/template/scan/ PUT
Required parameters:
template_id={value}
action=update
report_format=xml


Delete Scan Template <base_url>/api/2.0/fo/report/template/scan/ POST
Required parameters:
template_id={value}
action=delete


Export Scan Template <base_url>/api/2.0/fo/report/template/scan/ GET
Required parameters:
action=export
report_format=xml

Optional parameter:
template_id={value}
When unspecified, all templates for the report type get exported.


Scan Template settings 


These parameters (all are optional) are used for a create or update request to define scan
template settings. When creating a new template the default value is shown in bold where
applicable.


Parameter Description


Title


The template title and owner.


title={value} 


A string value for the title. Length is maximum 64 
characters. 


owner={value} 


Username of the owner of this template. 


Validity of the owner to create reports is based on the 
user role or business unit. See About template owner. 


Target 


What target assets to include in the report. 


scan_selection={HostBased|ScanBased}


Specify HostBased for Host Based Findings (default for 
new template) or ScanBased for Scan Based Findings. 
Choosing Host Based Findings allows you to report on the 
latest vulnerability data from all of your scans. Choosing 
Scan Based Findings allows you to run a report based on 
saved scan results. 


include_trending={0|1} 


Specify 1 to include trending. Choose a timeframe (daily, 
weekly or monthly) to analyze the vulnerability status for 
the timeframe selected. 

This parameter is required only if 
scan_selection=HostBased. 


limit_timeframe={0|1} 


Specify 1 to only include scan results from the specified 
time frame. This ensures that only vulnerability 
information gathered in the timeframe that you've 
specified is included in the report. If unspecified, 
vulnerability information for hosts that were last 
scanned prior to the report timeframe may be included. 
This parameter is required only if 
scan_selection=HostBased. 


selection_type={day|month|weeks|date|none|scans}


Specify whether to include trending information for 
number of weeks, days or months or a specific date. 
Specifying none will create a report without any trending 
information included. 

Specifying scans will include trending information for the 
last two detections. 

This parameter is required only if 
scan_selection=HostBased. 


selection_range={value} 


Specify the range for the selection type. Specify a number 
of units (1|3|5|7|15|30|60|90) for days, weeks or months. 
Date must be in the format yyyy-mm-dd (2017-04-05), 
and must be less than or equal to today’s date. 

Trending information since the last number of units or 
the specified date will be included. 

This parameter is required only if 
scan_selection=HostBased. 


asset_groups={value} 


Specify the name of the asset group(s) to report on. 
Multiple asset groups are comma separated. We'll report 
on all the IPs in the asset groups. 

This parameter is required only if 
scan_selection=HostBased. 


asset_group_ids={value} 


Specify the ID of the asset group(s) to report on. Multiple 
asset group IDs are comma separated. We'll report on all 
the IPs in the asset groups. 

This parameter is required only if 
scan_selection=HostBased. 


network={value} 


(Valid only when the Networks feature is enabled for your 
account.) A network name containing the IPs to include. 
For a new template the default network is Global Default 
Network. 


ips={value} 


Specify the IPs or IP ranges to report on. Multiple IPs or IP 
ranges are comma separated. 

This parameter is required only if 
scan_selection=HostBased. 


tag_set_by={name|id}


Specify the name of the tags or the ID of the tags for the
hosts you want to report on. Multiple tag names or tag
IDs are comma separated.


tag_include_selector={ALL|ANY}


Specify ALL to match all the asset tags for the hosts you
want to report on (this is an AND operation). Specifying
ANY will match any of the asset tags (this is an OR
operation).

This parameter is required only if
scan_selection=HostBased.


tag_set_include={value} 


Specify asset tags for the hosts you want to report on. 
We'll find the hosts in your account that match your tag 
selection and include them in the report. 

Multiple tags can be provided using comma separated 
values. 
This parameter is required only if 
scan_selection=HostBased. 


tag_exclude_selector={ALL|ANY}


Specify ALL to match all the asset tags for the hosts you
do not want to report on (this is an AND operation).
Specifying ANY will match any of the asset tags (this is
an OR operation).

This parameter is required only if
scan_selection=HostBased.


tag_set_exclude={value} 


Specify asset tags for the hosts you do not want to report 
on. We'll find the hosts in your account that match your 
tag selection and exclude them from the report. 

Multiple tags can be provided using comma separated 
values. 

This parameter is required only if 
scan_selection=HostBased. 


host_with_cloud_agents={all|scan|agent}


What host findings to include in the report when CA 
module is enabled. Your options are: 

all - All data 

scan - Scan data, i.e. include findings from scans that 
didn’t use Agentless Tracking 

agent - Agent data, i.e. include findings from the agent 
when merging is enabled (i.e. Show unified view hosts 
option in UI under Users > Setup > Cloud Agent Setup) 
Display


Display options such as graphs and amount of detail.


display_text_summary={0|1}


Specify 1 to include the following summary info for the
entire report: total vulnerabilities detected, overall
security risk, business risk (for reports sorted by asset
group), total vulnerabilities by status, total vulnerabilities
by severity and top 5 vulnerability categories.


graph_business_risk={0|1}


Specify 1 to include the business risk information.
Note that some graphs are only available when trend
information is included. Keep in mind that your filter
settings will affect the data reflected in your graphs.


graph_vuln_over_time={0|1}


Specify 1 to include the vulnerabilities by severity over
time.


graph_status={0|1}


Specify 1 to include the vulnerabilities by status.


graph_potential_status={0|1}


Specify 1 to include the potential vulnerabilities by
status.


graph_severity={0|1}


Specify 1 to include the vulnerabilities by severity.


graph_potential_severity={0|1}


Specify 1 to include the potential vulnerabilities by
severity.


graph_ig_severity={0|1}


Specify 1 to include the information gathered by severity.


graph_top_categories={0|1}


Specify 1 to include the top five vulnerable categories.


graph_top_vulns={0|1}


Specify 1 to include the ten most prevalent
vulnerabilities.


graph_os={0|1}


Specify 1 to include the operating systems detected.


graph_services={0|1}


Specify 1 to include the services detected.


graph_top_ports={0|1}


Specify 1 to include the ports detected.


display_custom_footer={0|1}


Specify 1 to include custom text in the report footer.


display_custom_footer_text={value}


Specify custom text like a disclosure statement or data
classification (e.g. Public, Confidential). The text you
enter will appear in all reports generated from this
template, except reports in XML and CSV formats. Length
is maximum 4000 characters.


sort_by={host|vuln|os|group|service|port}


Specify how you want to organize the Detailed Results
section of your report - by host, vuln (i.e. vulnerability),
group (i.e. asset group), service or port.


cvss={all|cvssv2|cvssv3}


Specify the CVSS version score you want to display in
reports.

all - both CVSS versions

cvssv2 - CVSS version 2

cvssv3 - CVSS version 3


host_details={0|1}


Specify 1 to include identifying information for each host
agent like the asset ID and related IPs (IPv4, IPv6 and MAC
addresses).

This parameter is required only if
scan_selection=HostBased and sort_by=host.


metadata_ec2_instances={0|1}


Specify 1 to display “Legacy EC2/Azure Fields” for each
EC2 asset.
See Cloud Asset Metadata Fields in XML Format to know
which fields are included with this option.


cloud_provider_metadata={0|1}


Specify 1 to display “Cloud Provider Metadata Fields” for
each cloud asset. See Cloud Asset Metadata Fields in
XML Format to know which fields are included with this
option.


qualys_system_ids={0|1}


Specify 1 to include host ID/asset ID in the host-based
scan report.


include_text_summary={0|1}


Specify 1 to include the following summary info for each
host, vulnerability, asset group, etc (depending on the
sorting method you selected): total vulnerabilities
detected, the security risk, the business risk (for reports
sorted by asset group), total vulnerabilities by status,
total vulnerabilities by severity and top 5 vulnerability
categories.


include_vuln_details={0|1}


Specify 1 to include additional details for each
vulnerability in the report.


include_vuln_details_threat={0|1}


Specify 1 to include a description of the threat.


include_vuln_details_impact={0|1}


Specify 1 to include possible consequences that may
occur if the vulnerability is exploited.


include_vuln_details_solution={0|1}


Specify 1 to include a verified solution to remedy the
issue, such as a link to the vendor's patch, Web site, or a
workaround.


include_vuln_details_vpatch={0|1}


Specify 1 to include virtual patch information correlated
with the vulnerability, obtained from Trend Micro real-time
feeds.


include_vuln_details_compliance={0|1}


Specify 1 to include compliance information correlated
with the vulnerability.


include_vuln_details_exploit={0|1}


Specify 1 to include exploitability information correlated
with the vulnerability, includes references to known
exploits and related security resources.


include_vuln_details_malware={0|1}


Specify 1 to include malware information correlated with
the vulnerability, obtained from the Trend Micro Threat
Encyclopedia.


include_vuln_details_results={0|1}


Specify 1 to include specific scan test results for each
host, when available. We'll also show the date the
vulnerability was first detected, last detected and the
number of times it was detected.


include_vuln_details_reopened={0|1}


Specify 1 to include information related to reopened
vulnerabilities.


include_vuln_details_appendix={0|1}


Specify 1 to include more information like IPs in your 
report target that don't have any scan results, and IPs 
that were scanned but results are not shown (no 
vulnerabilities were detected or all vulnerabilities were 
filtered out). 


exclude_account_id={0|1} 


Specify 1 to exclude the account login ID in the filename 
of downloaded reports. Use this option to remove the 
login ID from the filename. 


Filters 


Filter options such as vulnerability status, categories, 
QIDs, OS. 


selective_vulns={complete| 
custom} 


Specify complete to show results for any and all 
vulnerabilities found. 

Specify custom to filter your reports to specific QIDs (add 
static search lists) or to QIDs that match certain criteria 
(add dynamic search lists). For example, maybe you only 
want to report on vulnerabilities with severity 4 or 5. Tip - 
Exclude QIDs that you don't want in the report. 


search_list_ids={value} 


Specify search list ID or QID. Multiple search list IDs or 
QIDs can be provided using values separated by a 
comma. 

This parameter is required only if 
selective_vulns=custom. 


exclude_qid_option={0|1} 


Specify 1 to exclude QIDs from the report. 


exclude_search_list_ids= 
{value} 


Specify QID to be excluded from the report. Multiple QIDs 
can be provided using values separated by a comma. 
This parameter is required only if exclude_qid_option=1. 


included_os={value} 


Specify the operating system name to filter hosts. For 
example, to only report on Linux hosts make sure you 
provide the operating system name for Linux. 

Multiple operating system names can be provided using 
values separated by a comma. 

Specify ALL to include all operating systems. 

See Identified OS. 


status_new={0|1}


Specify 1 to include vulnerabilities in your report based 
on the current vulnerability status - New. 


status_active={0|1} 


Specify 1 to filter vulnerabilities in your report based on 
the current vulnerability status - Active. 


status_reopen={0|1}


Specify 1 to filter vulnerabilities in your report based on 
the current vulnerability status - Re-Opened. 


status_fixed={0|1}


Specify 1 to filter vulnerabilities in your report based on
the current vulnerability status - Fixed.


vuln_active={0|1}


Specify 1 to filter confirmed vulnerabilities in your report
based on the state - Active.


vuln_disabled={0|1}


Specify 1 to filter confirmed vulnerabilities in your report
based on the state - Disabled.


vuln_ignored={0|1}


Specify 1 to filter confirmed vulnerabilities in your report
based on the state - Ignored.


potential_active={0|1}


Specify 1 to filter potential vulnerabilities in your report
based on the state - Active.


potential_disabled={0|1}


Specify 1 to filter potential vulnerabilities in your report
based on the state - Disabled.


potential_ignored={0|1}


Specify 1 to filter potential vulnerabilities in your report
based on the state - Ignored.


ig_active={0|1}


Specify 1 to filter the information gathered in your report
based on the state - Active.


ig_disabled={0|1}


Specify 1 to filter the information gathered in your report
based on the state - Disabled.


ig_ignored={0|1}


Specify 1 to filter the information gathered in your report
based on the state - Ignored.


display_non_running_kernels={0|1}


Specify 1 to include a list of all vulnerabilities found on
non-running kernels.


exclude_non_running_kernel={0|1}


Specify 1 to exclude vulnerabilities found on non-running
kernels.
Use only one parameter at a time: highlight_arf_kernel or
arf_kernel.


exclude_non_running_services={0|1}


Specify 1 to only include vulnerabilities found where the
port/service is running.


exclude_qids_not_exploitable_due_to_configuration={0|1}


Specify 1 to exclude vulnerabilities that are not
exploitable because there’s a specific configuration
present on the host.


exclude_superceded_patches={0|1}


Specify 1 to exclude every patch QID which is superseded
(replaced) by another patch QID recommended for the
same host.


categories_list={value} 


Specify the category name to filter hosts in your report 
based on various categories. For example, if you're only 
interested in Windows vulnerabilities make sure you 
provide the category name for Windows. 

Multiple category names can be provided using values 
separated by a comma. 

Specify ALL to include all categories. 

See Categories. 


Services and Ports 


Services and ports to include in report. 
required_services={value}


Specify the name of a required service. Multiple service 
names can be provided using values separated by a 
comma. We'll report QID: 38228 (when a required service 
is NOT detected). 

See Identified Services. 


unauthorized_services= 
{value} 


Specify the name of an unauthorized service. Multiple 
service names can be provided using values separated by 
a comma. We'll report QID: 38175 (when an unauthorized 
service is detected). See Identified Services. 


required_ports={value} 


Specify required ports. Multiple ports can be provided 
using values separated by a comma. We'll report QID: 
82051 (when a required port is NOT detected). 


unauthorized_ports={value} 


Specify unauthorized ports. Multiple ports can be 
provided using values separated by a comma. 

We'll report QID: 82043 (when an unauthorized port is 
detected). 


User Access 


Control user access to template and reports generated 
from template. 


global={0|1} 


Share this report template with other users by making it 
global. Specify 1 to make it global. 


report_access_users={value} 


Specify the username to share the report with a user who 
wouldn't already have access to the report. Multiple 
usernames can be provided using values separated by a 
comma. Each user you add will be able to view reports 
generated from this template even if they don't have 
access to the IPs in the report. 
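

One way to check settings against the constraints in the table above before sending a create or update request. This is an added example, not Qualys code: the function names are hypothetical, and it covers only the documented value lists, length limits, the selection_range rule and the two search-list dependencies.

```python
import re
from datetime import date, datetime

# Unit counts the table allows for selection_range (days, weeks or months).
UNIT_COUNTS = {"1", "3", "5", "7", "15", "30", "60", "90"}

# Parameters whose accepted values are enumerated in the table.
CHOICES = {
    "scan_selection": ("HostBased", "ScanBased"),
    "tag_set_by": ("name", "id"),
    "tag_include_selector": ("ALL", "ANY"),
    "tag_exclude_selector": ("ALL", "ANY"),
    "host_with_cloud_agents": ("all", "scan", "agent"),
    "sort_by": ("host", "vuln", "os", "group", "service", "port"),
    "cvss": ("all", "cvssv2", "cvssv3"),
    "selective_vulns": ("complete", "custom"),
}

# Maximum lengths stated for free-text parameters.
MAX_LENGTH = {"title": 64, "display_custom_footer_text": 4000}


def _check_date(value, today):
    """selection_range as a date: yyyy-mm-dd, a real date, not after today."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", value):
        return ["selection_range: date must be in yyyy-mm-dd format"]
    try:
        when = datetime.strptime(value, "%Y-%m-%d").date()
    except ValueError:
        return ["selection_range: not a valid calendar date"]
    if when > today:
        return ["selection_range: date must not be later than today"]
    return []


def validate_settings(params, today=None):
    """Return a list of problems in a dict of template settings (string values)."""
    today = today or date.today()
    problems = []

    for key, allowed in CHOICES.items():
        value = params.get(key)
        if value is not None and value not in allowed:
            problems.append(f"{key}: {value!r} is not one of {'|'.join(allowed)}")

    for key, limit in MAX_LENGTH.items():
        if len(params.get(key, "")) > limit:
            problems.append(f"{key}: longer than {limit} characters")

    value = params.get("selection_range")
    if value is not None:
        if params.get("selection_type") == "date":
            problems.extend(_check_date(value, today))
        elif value not in UNIT_COUNTS:
            problems.append("selection_range: units must be one of 1|3|5|7|15|30|60|90")

    # Dependencies the table states explicitly.
    if params.get("selective_vulns") == "custom" and not params.get("search_list_ids"):
        problems.append("search_list_ids: required when selective_vulns=custom")
    if params.get("exclude_qid_option") == "1" and not params.get("exclude_search_list_ids"):
        problems.append("exclude_search_list_ids: required when exclude_qid_option=1")

    return problems


if __name__ == "__main__":
    # Constructed sample settings.
    sample = {
        "title": "Weekly host report",
        "scan_selection": "HostBased",
        "selection_type": "date",
        "selection_range": "2017-04-05",
        "selective_vulns": "custom",
    }
    for problem in validate_settings(sample, today=date(2017, 4, 6)):
        print(problem)
```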


Cloud Asset Metadata Fields in CSV Format 


See the table below to know which cloud asset metadata columns will appear in your CSV 
reports based on your report template settings. Columns will appear in the order shown. 


Legacy EC2/Azure Fields   Cloud Provider Metadata Fields   All Fields
EC2 Instance ID           Cloud Provider                   Cloud Provider
Public Hostname           Cloud Provider Service           Cloud Provider Service
Image ID                  Cloud Service                    Cloud Service
VPC ID                    Cloud Resource ID                Cloud Resource ID
Instance State            Cloud Resource Type              Cloud Resource Type
Private Hostname          Cloud Account                    Cloud Account
Instance Type             Cloud Image ID                   Cloud Image ID
Account ID                Cloud Resource Metadata          Cloud Resource Metadata
Region Code                                                EC2 Instance ID
Subnet ID                                                  Public Hostname
                                                           Image ID
                                                           VPC ID
                                                           Instance State
                                                           Private Hostname
                                                           Instance Type
                                                           Account ID
                                                           Region Code
                                                           Subnet ID
Important note about the Legacy EC2/Azure Fields in CSV


These fields were originally introduced for AWS cloud assets and will be populated with 
metadata for your AWS EC2 assets. 


For Azure and GCP assets, all Legacy EC2/Azure columns will appear blank in the CSV 
report, except for the EC2 Instance ID column. We will continue to populate the EC2 
Instance ID column for all cloud assets (AWS, Azure, GCP). The EC2 Instance ID column is 
replaced by Cloud Resource ID, and will be deprecated in a future release. 


Cloud Asset Metadata Fields in XML Format 


See the table below to know which cloud asset metadata tags will appear in your XML 
reports based on your report template settings. 


Cloud Provider   Legacy EC2/Azure Fields   Cloud Provider Metadata Fields   All Fields
AWS              CLOUD_PROVIDER            CLOUD_PROVIDER                   CLOUD_PROVIDER
                 CLOUD_PROVIDER_SERVICE    CLOUD_PROVIDER_SERVICE           CLOUD_PROVIDER_SERVICE
                 CLOUD_SERVICE             CLOUD_SERVICE                    CLOUD_SERVICE
                 CLOUD_RESOURCE_ID         CLOUD_RESOURCE_TYPE              CLOUD_RESOURCE_TYPE
                 CLOUD_ACCOUNT             CLOUD_RESOURCE_ID                CLOUD_RESOURCE_ID
                 EC2_INSTANCE_ID           CLOUD_ACCOUNT                    CLOUD_ACCOUNT
                 EC2_INFO                  CLOUD_IMAGE_ID                   EC2_INSTANCE_ID
                                           CLOUD_RESOURCE_METADATA          CLOUD_IMAGE_ID
                                                                            EC2_INFO
                                                                            CLOUD_RESOURCE_METADATA
Azure            CLOUD_PROVIDER            CLOUD_PROVIDER                   CLOUD_PROVIDER
                 CLOUD_PROVIDER_SERVICE    CLOUD_PROVIDER_SERVICE           CLOUD_PROVIDER_SERVICE
                 CLOUD_SERVICE             CLOUD_SERVICE                    CLOUD_SERVICE
                 CLOUD_RESOURCE_ID         CLOUD_RESOURCE_TYPE              CLOUD_RESOURCE_TYPE
                 CLOUD_ACCOUNT             CLOUD_RESOURCE_ID                CLOUD_RESOURCE_ID
                 EC2_INSTANCE_ID           CLOUD_ACCOUNT                    CLOUD_ACCOUNT
                 AZURE_VM_INFO             CLOUD_IMAGE_ID                   EC2_INSTANCE_ID
                                           CLOUD_RESOURCE_METADATA          CLOUD_IMAGE_ID
                                                                            AZURE_VM_INFO
                                                                            CLOUD_RESOURCE_METADATA
GCP              CLOUD_RESOURCE_ID         CLOUD_PROVIDER                   CLOUD_PROVIDER
                 EC2_INSTANCE_ID           CLOUD_PROVIDER_SERVICE           CLOUD_PROVIDER_SERVICE
                                           CLOUD_SERVICE                    CLOUD_SERVICE
                                           CLOUD_RESOURCE_TYPE              CLOUD_RESOURCE_TYPE
                                           CLOUD_RESOURCE_ID                CLOUD_RESOURCE_ID
                                           CLOUD_ACCOUNT                    CLOUD_ACCOUNT
                                           CLOUD_IMAGE_ID                   EC2_INSTANCE_ID
                                           CLOUD_RESOURCE_METADATA          CLOUD_IMAGE_ID
                                                                            CLOUD_RESOURCE_METADATA


EC2_INFO includes: PUBLIC_DNS_NAME, IMAGE_ID, VPC_ID, INSTANCE_STATE,
PRIVATE_DNS_NAME, INSTANCE_TYPE, ACCOUNT_ID, REGION_CODE, SUBNET_ID


AZURE_VM_INFO includes: PUBLIC_IP_ADDRESS, IMAGE_OFFER, IMAGE_VERSION,
SUBNET, VM_STATE, PRIVATE_IP_ADDRESS, SIZE, SUBSCRIPTION_ID, LOCATION,
RESOURCE_GROUP_NAME


CLOUD_RESOURCE_METADATA for AWS includes: INSTANCE_ID, PUBLIC_DNS_NAME,
PUBLIC_IP_ADDRESS, PRIVATE_IP_ADDRESS, IMAGE_ID, SPOT_INSTANCE,
AVAILABILITY_ZONE, VPC_ID, GROUP_ID, GROUP_NAME, LOCAL_HOSTNAME,
INSTANCE_STATE, PRIVATE_DNS_NAME, INSTANCE_TYPE, ACCOUNT_ID, REGION_CODE,
SUBNET_ID, RESERVATION_ID, MAC_ADDRESS


CLOUD_RESOURCE_METADATA for Azure includes: VM_ID, VM_NAME, PLATFORM,
PUBLIC_IP_ADDRESS, IMAGE_OFFER, IMAGE_PUBLISHER, IMAGE_VERSION, SUBNET,
VM_STATE, PRIVATE_IP_ADDRESS, SIZE, SUBSCRIPTION_ID, LOCATION,
RESOURCE_GROUP_NAME, MAC_ADDRESS


CLOUD_RESOURCE_METADATA for GCP includes: INSTANCE_ID, HOST_NAME,
MACHINE_TYPE, MACHINE_STATE, PROJECT_ID, PUBLIC_IP_ADDRESS, VPC_NETWORK,
ZONE, PRIVATE_IP_ADDRESS, MAC_ADDRESS


DTD 
<platform API server>/api/2.0/fo/report/template/scan/scanreporttemplate_info.dtd 


Sample - Create scan template 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST \
-H "Content-type: text/xml" --data-binary @scan_export.xml \
"https://qualysapi.qualys.com/api/2.0/fo/report/template/scan/?action=create&report_format=xml"


XML output: 
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2017-04-06T05:41:32Z</DATETIME>
<CODE>Scan Report Template(s) Created Successfully
[89876]</CODE>
<TEXT></TEXT>
</RESPONSE>
</SIMPLE_RETURN>


Sample - Update Scan template 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X PUT \
-H "Content-type: text/xml" --data-binary @scan_export.xml \
"https://qualysapi.qualys.com/api/2.0/fo/report/template/scan/?action=update&template_id=8209&report_format=xml"


XML output: 
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2017-04-04T10:52:34Z</DATETIME>
<CODE>Scan Report Template Updated Successfully [8209]</CODE>
<TEXT></TEXT>
</RESPONSE>
</SIMPLE_RETURN>


Sample - Delete Scan template 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d \
"action=delete&template_id=8209" \
"https://qualysapi.qualys.com/api/2.0/fo/report/template/scan/"


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE> 
<DATETIME>2017-04-04T10:54:37Z</DATETIME> 
<CODE>Scan Report Template(s) Deleted Successfully 
[8209]</CODE> 
<TEXT></TEXT> 
</RESPONSE> 
</SIMPLE_RETURN> 


Sample - Export Scan template 


Exports the report template based on the template ID. When the template ID is not 
specified, exports all templates for the report type. 


API request: 
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" \
"https://qualysapi.qualys.com/api/2.0/fo/report/template/scan/?action=export&template_id=89470&report_format=xml"


XML output: 

<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE REPORTTEMPLATE SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/report/template/scan/scan 
reporttemplate info.dtd"> 
<REPORTTEMPLATE> 

<SCANTEMPLATE> 

<TITLE> 
<INFO key="title"><! [CDATA[Scan-Report-To-Create-Do not 
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Change] ]></ INFO> 

<INFO key="owner"><![CDATA[1086]]></INFO> 

</TITLE> 

<TARGET> 
<INFO key="scan_selection"><! [CDATA[HostBased] ] ></INFO> 
<INFO key="include_trending"><! [CDATA[1]]></INFO> 
<INFO key="selection_ type"><! [CDATA[days] ]></INFO> 
<INFO key="selection_ range"><! [CDATA[5]]></INFO> 
<INFO key="limit timeframe"><! [CDATA[1] ]></INFO> 
<INFO key="asset_groups"><! [CDATA[PBPS-Targets] ] ></INFO> 
<INFO key="tag_set_by"><! [CDATA[id] ]></INFO> 
<INFO key="tag_set_include"><! [CDATA[8644659] ] ></INFO> 
<INFO key="tag_set_exclude"><! [CDATA[8262228] ] ></INFO> 
<INFO key="tag include selector"><! [CDATA[ALL] ]></INFO> 
<INFO key="tag exclude selector"><! [CDATA[ALL] ] ></INFO> 
<INFO key="network"><! [CDATA[-100] ]></INFO> 
<INFO key="ips"><! [CDATA[10.10.0.1,10.10.0.5]]></INFO> 
<INFO key="host with cloud agents"><! [CDATA[all]]></INFO> 

</TARGET> 

<DISPLAY> 
<INFO key="graph business risk"><! [CDATA[1]]></INFO> 
<INFO key="graph vuln over time"><! [CDATA[1] ]></INFO> 
<INFO key="display text summary"><! [CDATA[1] ]></INFO> 
<INFO key="graph_status"><! [CDATA[1] ]></INFO> 
<INFO key="graph potential status"><! [CDATA[1]]></INFO> 
<INFO key="graph_ severity"><! [CDATA[1]]></INFO> 
<INFO key="graph potential severity"><! [CDATA[1]]></INFO> 
<INFO key="graph_ ig severity"><! [CDATA[1]]></INFO> 
<INFO key="graph_ top categories"><! [CDATA[1] ]></INFO> 
<INFO key="graph top vulns"><! [CDATA[1] ]></INFO> 
<INFO key="graph_os"><! [CDATA[1]]></INFO> 
<INFO key="graph_services"><! [CDATA[1] ]></INFO> 
<INFO key="graph top ports"><! [CDATA[1]]></INFO> 
<INFO key="display custom _footer"><! [CDATA[1]]></INFO> 
<INFO 

key="display custom footer text"><! [CDATA[Test@123]]></INFO> 

<INFO key="sort_by"><! [CDATA[host] ] ></INFO> 
<INFO key="cvss"><! [CDATA[all] ]></INFO> 
<INFO key="host_details"><! [CDATA[0] ]></INFO> 
<INFO key="qualys system _ids"><! [CDATA[1] ]></INFO> 
<INFO key="include text summary"><! [CDATA[1] ]></INFO> 
<INFO key="include vuln details"><! [CDATA[1] ]></INFO> 
<INFO key="include vuln details threat"><! [CDATA[1]]></INFO> 
<INFO key="include vuln details impact"><! [CDATA[1]]></INFO> 
<INFO 


key="include vuln details solution"><! [CDATA[1]]></INFO> 
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<INFO key="include vuln details vpatch"><! [CDATA[1]]></INFO> 
<INFO 
key="include vuln details compliance"><! [CDATA[1]]></INFO> 
<INFO 
key="include vuln details exploit"><! [CDATA[1] ]></INFO> 
<INFO 
key="include vuln details malware"><! [CDATA[1] ]></INFO> 
<INFO 
key="include vuln details results"><! [CDATA[1] ]></INFO> 
<INFO 
key="include vuln details appendix"><! [CDATA[1]]></INFO> 
<INFO key="exclude_ account _id"><! [CDATA[1]]></INFO> 
<INFO 
key="include vuln details reopened"><! [CDATA[1]]></INFO> 
<INFO key="metadata_ec2 instances"><! [CDATA[1] ]></INFO> 
<INFO key="cloud_ provider metadata"><! [CDATA[1]]></INFO> 
<INFO key="metadata_ec2 instances"><! [CDATA[0] ]></INFO> 
</DISPLAY> 
<FILTER> 
<INFO key="selective vulns"><! [CDATA[complete] ] ></INFO> 
<INFO key="search list _ids"><! [CDATA[] ]></INFO> 
<INFO key="exclude gid option"><! [CDATA[1]]></INFO> 
<INFO key="exclude search list _ids"><! [CDATA[]]></INFO> 
<INFO key="included_os"><! [CDATA[ALL] ] ></INFO> 
<INFO key="status_new"><! [CDATA[1]]></INFO> 
<INFO key="status_active"><! [CDATA[1]]></INFO> 
<INFO key="status_reopen"><! [CDATA[1]]></INFO> 
<INFO key="status_fixed"><! [CDATA[1] ]></INFO> 
<INFO key="vuln_active"><! [CDATA[1]]></INFO> 
<INFO key="vuln_ disabled"><! [CDATA[1]]></INFO> 
<INFO key="vuln_ignored"><! [CDATA[1] ]></INFO> 
<INFO key="potential active"><! [CDATA[1]]></INFO> 
<INFO key="potential disabled"><! [CDATA[1]]></INFO> 
<INFO key="potential ignored"><! [CDATA[1]]></INFO> 
<INFO key="ig_active"><! [CDATA[1] ]></INFO> 
<INFO key="ig_ disabled"><! [CDATA[1]]></INFO> 
<INFO key="ig_ignored"><! [CDATA[0]]></INFO> 
<INFO key="display non running kernels"><! [CDATA[1]]></INFO> 
<INFO key="exclude non running kernel"><! [CDATA[0]]></INFO> 
<INFO 
key="exclude non running services"><! [CDATA[1]]></INFO> 
<INFO key="exclude_ superceded patches"><! [CDATA[1]]></INFO> 
<INFO 
key="exclude qids not exploitable due to configuration"><! [CDATA[1 
]]></INFO> ` 4 of 
<INFO key="categori s_list"><! [CDATA[ALL] ] ></INFO> 
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</FILTER> 


<SERVICESPORTS>
<INFO key="required_services"><![CDATA[ActiveSync, akak trojan,Apple Airport Management, Applix TM1 Server]]></INFO>
<INFO key="unauthorized_services"><![CDATA[aml,Arkeiad Network Backup, auth]]></INFO>
<INFO key="services_info"><![CDATA[aml,Arkeiad Network Backup, auth]]></INFO>
<INFO key="required_ports"><![CDATA[12]]></INFO>
<INFO key="unauthorized_ports"><![CDATA[21]]></INFO>
</SERVICESPORTS>
<USERACCESS>
<INFO key="report_access_users"><![CDATA[start_rm2,start_su]]></INFO>
<INFO key="global"><![CDATA[1]]></INFO>
</USERACCESS>
</SCANTEMPLATE>
</REPORTTEMPLATE>
PCI Scan Template
/api/2.0/fo/report/template/pciscan/ 


Perform actions such as create, update, delete and export on the PCI Scan Template. 


PCI Scan Template Request 
A summary of API Endpoint URLs is provided below. 


Action API Endpoint /required parameters Method 


Create PCI Scan Template <base_url>/api/2.0/fo/report/template/pciscan/ POST 
Required parameters: 
action=create 
report_format=xml 


Update PCI Scan Template <base_url>/api/2.0/fo/report/template/pciscan/ PUT 


Required parameters: 
template_id={value} 
action=update 
report_format=xml 


Delete PCI Scan Template <base_url>/api/2.0/fo/report/template/pciscan/ POST 
Required parameters: 
template_id={value} 
action=delete 


Export PCI Scan Template <base_url>/api/2.0/fo/report/template/pciscan/ GET 
Required parameters: 
action=export 
report_format=xml 


Optional parameter: 

template_id={value} 

When unspecified all templates for the report 
type get exported. 
PCI Scan Template settings


Go to Scan Template settings. The same parameters are used to define PCI Scan Template
settings (all are optional).
In addition, the following parameters are used for PCI Risk Ranking.


Parameter Description


custom_pci_ranking={0|1} Specify 1 to enable custom PCI risk ranking. When
disabled Qualys will use default PCI ASV risk rankings.


customized_ranking_medium_from={0|1|2|3|4|5|6|7|8|9|10}


By default Qualys uses risk rankings High, Medium, Low.
By default for a new template, these are set to the same
CVSS scores as required for ASV external scans. You can
customize the ASV scores using the scale. When custom
PCI risk ranking is enabled, this parameter sets the
Medium marker value. Choose a value from 0 to 10.


customized_ranking_high_from={0|1|2|3|4|5|6|7|8|9|10}


When custom PCI risk ranking is enabled, this parameter
sets the High marker value. Choose a value from 0 to 10.


customized_ranking_comments={value}


When custom PCI risk ranking is enabled, a comment on
the custom ranking is required. Enter any string up to 400
characters.


customized_ranking_qid_searchlist_comments={<search list
id1/name1>|<SEVERITY>|<comments>,<search list
id2/name2>|<SEVERITY>|<comments>}


When custom PCI risk ranking is enabled, you can specify
custom rankings for QID search lists (i.e. custom rankings
per set of vulnerabilities in our KnowledgeBase). Use the
format shown. For example: searchlistid1|HIGH|"some
comments",searchlistid2|MEDIUM|"some comments"
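The PCI risk ranking parameters above can be assembled and checked before a request is sent. This is an added example, not code from the Qualys guide. It assumes the severity keywords are HIGH, MEDIUM and LOW (the guide shows HIGH and MEDIUM), and because the guide defines no escaping for the search-list format, it rejects the delimiter characters inside a field.

```python
SEVERITIES = {"HIGH", "MEDIUM", "LOW"}   # assumed set; the guide shows HIGH and MEDIUM
RESERVED = set('|,"')                    # delimiters of the search-list format


def _marker(name, value):
    """Return a marker value as a string after checking the 0..10 range."""
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= 10:
        raise ValueError(f"{name} must be an integer from 0 to 10, got {value!r}")
    return str(value)


def _field(name, text):
    """Reject empty fields and fields that would break the a|b|"c",... layout."""
    text = str(text).strip()
    if not text or RESERVED & set(text):
        raise ValueError(f'{name} is empty or contains | , or ": {text!r}')
    return text


def build_pci_ranking_params(medium_from, high_from, comments, searchlist_rankings=()):
    """Return the request parameters that enable custom PCI risk ranking."""
    if not comments or len(comments) > 400:
        raise ValueError("customized_ranking_comments is required, up to 400 characters")
    params = {
        "custom_pci_ranking": "1",
        "customized_ranking_medium_from": _marker("customized_ranking_medium_from", medium_from),
        "customized_ranking_high_from": _marker("customized_ranking_high_from", high_from),
        "customized_ranking_comments": comments,
    }
    entries = []
    for search_list, severity, note in searchlist_rankings:
        severity = str(severity).upper()
        if severity not in SEVERITIES:
            raise ValueError(f"unknown severity: {severity!r}")
        entries.append(f'{_field("search list", search_list)}|{severity}|"{_field("comment", note)}"')
    if entries:
        params["customized_ranking_qid_searchlist_comments"] = ",".join(entries)
    return params


def parse_searchlist_rankings(value):
    """Split a customized_ranking_qid_searchlist_comments value back into triples."""
    triples = []
    for entry in value.split(","):
        parts = entry.split("|")
        if len(parts) != 3:
            raise ValueError(f"expected <search list>|<SEVERITY>|<comments>, got {entry!r}")
        search_list, severity, note = (p.strip() for p in parts)
        triples.append((search_list, severity.upper(), note.strip('"')))
    return triples
```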


DTD 
<platform API server>/api/2.0/fo/report/template/pciscan/pciscanreporttemplate_info.dtd 


Samples 


Refer to Scan template examples for create, update, delete and export sample requests. 
Requests and outputs for PCI Scan template are similar. 
Perform actions such as create, update, delete and export on the Patch Template.


Patch Template Request 


A summary of API Endpoint URLs is provided below. 


Action API Endpoint /required parameters Method


Create Patch Template <base_url>/api/2.0/fo/report/template/patch/ POST
Required parameters:
action=create
report_format=xml


Update Patch Template <base_url>/api/2.0/fo/report/template/patch/ PUT
Required parameters:
template_id={value}
action=update
report_format=xml


Delete Patch Template <base_url>/api/2.0/fo/report/template/patch/ POST
Required parameters:
template_id={value}
action=delete


Export Patch Template <base_url>/api/2.0/fo/report/template/patch/ GET
Required parameters:
action=export
report_format=xml

Optional parameter:
template_id={value}
When unspecified all templates for the report
type get exported.


Patch Template settings 


These parameters (all are optional) are used for a create or update request to define Patch
template settings. When creating a new template the default value is shown in bold where
applicable.


Parameter Description


Title
The template title and owner.

title={value}
A string value for the title. Length is maximum 64 characters.

owner={value}
Username of the owner of this template.
Validity of the owner to create reports is based on the
user role or business unit. See About template owner.
Target
What target assets to include in the report.

patch_evaluation={qidbased|classic}
Specify classic to choose Classic patch evaluation or
specify qidbased to choose QID based patch evaluation.

asset_groups
Asset groups to include in the report. Multiple asset
groups are comma separated.

asset_group_ids={value}
Specify the ID of the asset group(s) to report on. Multiple
asset group IDs are comma separated. We'll report on all
the IPs in the asset groups.

tag_set_by={name|id}
Specify the name of the tags or the ID of the tags for the
hosts you want to report on. Multiple tag names or tag
IDs are comma separated.

tag_include_selector={ALL|ANY}
Specify ALL to match all the asset tags for the hosts you
want to report on (This is an AND operation). Specifying
ANY will match any of the asset tags (This is an OR
operation).

tag_set_include={value}
Specify asset tags for the hosts you want to report on.
We'll find the hosts in your account that match your tag
selection and include them in the report.
Multiple tags can be provided using comma separated
values.

tag_exclude_selector={ALL|ANY}
Specify ALL to match all the asset tags for the hosts you
do not want to report on (This is an AND operation).
Specifying ANY will match any of the asset tags (This is
an OR operation).

tag_set_exclude={value}
Specify asset tags for the hosts you do not want to report
on. We'll find the hosts in your account that match your
tag selection and exclude them from the report.
Multiple tags can be provided using comma separated
values.

network={value}
(Valid only when the Networks feature is enabled for your
account.) A network name containing the IPs to include.
For a new template the default network is Global Default
Network.

ips={value}
IP addresses to include in the report. Multiple IPs are
comma separated.

Display
Display options to include in the report.

group_by={HOST|PATCH|OS|AG}
Sort and group the results of the report by any of the
following:
Host = HOST
Patch = PATCH
Operating System = OS
Asset Group = AG

When include_cloud_metadata=1 is specified, then only
group_by=HOST is supported.
include_cloud_metadata={0|1}
(Optional) Specify 1 to include cloud metadata for your
cloud assets. Only cloud metadata for AWS is supported
at this time. When not specified during a create request,
a value of 0 is used. When not specified during an update
request, the previous value saved in the template is kept.

Notes for update patch template request:

- If include_cloud_metadata is set to 0 in the template,
then you can change the group_by option to any
supported value (HOST, PATCH, OS, AG).

- If include_cloud_metadata is set to 1 in the template
and you change the group_by option to a value other
than HOST during an update request, then we will
automatically disable the cloud metadata option and
we'll show a notification in the response, letting you
know that the option was disabled as a result of the
change.

- If group_by is set to a value other than HOST in the
template and you specify include_cloud_metadata=1
during an update request, then an error will occur
because include_cloud_metadata can only have a value
of 1 when group_by is set to HOST.

include_table_of_qids_fixed={0|1}
Specify 1 to include QIDs that will be fixed by each patch.

include_patch_links={0|1}
Specify 1 to include the available links for each patch.

include_patches_from_unspecified_vendors={0|1}
Specify 1 to include patches from unspecified vendors.

patch_severity_by={assigned|highest}
Specify assigned to display severity which is assigned to
the QID for the patch detection. Specify highest to display
the severity which is highest across all QIDs found on the
host that can be patched.

patch_cvss_score_by={assigned|highest|none}
Specify the CVSS version score you want to display in
reports.
assigned - CVSS score assigned to the QID for the patch
detection
highest - CVSS score highest across all QIDs found on the
host that can be patched.
none - Do not display CVSS scores.

cvss={all|cvssv2|cvssv3}
Specify the CVSS version score you want to display in
reports.
all - both CVSS versions
cvssv2 - CVSS version 2
cvssv3 - CVSS version 3

display_custom_footer={0|1}
Specify 1 to include custom text in the report footer.
display_custom_footer_text={value}
Specify custom text like a disclosure statement or data
classification (e.g. Public, Confidential). The text you
enter will appear in all reports generated from this
template, except reports in XML and CSV formats. Length
is maximum 4000 characters.

exclude_account_id={0|1}
Specify 1 to exclude the account login ID in the filename
of downloaded reports. Use this option to remove the
login ID from the filename.

Filters
Filter options such as vulnerabilities, QIDs, patches.

selective_vulns={complete|custom}
Specify complete to show results for any and all
vulnerabilities found.
Specify custom to filter your reports to specific QIDs (add
static search lists) or to QIDs that match certain criteria
(add dynamic search lists). For example, maybe you only
want to report on vulnerabilities with severity 4 or 5. Tip -
Exclude QIDs that you don't want in the report.

search_list_ids={value}
Specify QID to be included in the report. Multiple QIDs
can be provided using values separated by a comma.
This parameter is required only if
selective_vulns=custom.

exclude_qid_option={0|1}
Specify 1 to exclude QIDs from the report.

exclude_search_list_ids={value}
Specify QID to be excluded from the report. Multiple QIDs
can be provided using values separated by a comma.
This parameter is required only if exclude_qid_option=1.

display_non_running_kernels={0|1}
Specify 1 to include a list of all vulnerabilities found on
non-running kernels.

exclude_non_running_kernel={0|1}
Specify 1 to exclude vulnerabilities found on non-running
kernels.
Use only one parameter at a time: highlight_arf_kernel or
arf_kernel.

exclude_non_running_services={0|1}
Specify 1 to only include vulnerabilities found where the
port/service is running.

exclude_qids_not_exploitable_due_to_configuration={0|1}
Specify 1 to exclude vulnerabilities that are not
exploitable because there’s a specific configuration
present on the host.

selective_patches={complete|custom}
Specify complete to show results for any and all patches
found.
Specify custom to filter your reports to specific QIDs (add
static search lists) or to QIDs that match certain criteria
(add dynamic search lists). For example, maybe you only
want to report on vulnerabilities with severity 4 or 5. Tip -
Exclude QIDs that you don't want in the report.

exclude_patch_qid_option={0|1}
Specify 1 to exclude patch QIDs from the report.
patch_search_list_ids={value}
Specify patch QID to be included in the report. Multiple
patch QIDs can be provided using values separated by a
comma.
This parameter is required only if
selective_patches=custom.

exclude_patch_search_list_ids={value}
Specify patch QID to be excluded from the report.
Multiple patch QIDs can be provided using values
separated by a comma.
This parameter is required only if
exclude_patch_qid_option=1.

found_since_days={7|30|90|365|NoLimit}
Show only patches for vulnerabilities detected during the
specified period of time in days. Specify NoLimit for no
time limit.

User Access
Control user access to template and reports generated
from template.

global={0|1}
Share this report template with other users by making it
global. Specify 1 to make it global.

report_access_users={value}
Specify the username to share the report with a user who
wouldn't already have access to the report. Multiple
usernames can be provided using values separated by a
comma. Each user you add will be able to view reports
generated from this template even if they don't have
access to the IPs in the report.


DTD 


<platform API server>/api/2.0/fo/report/template/patch/patchreporttemplate_info.dtd 


Sample Create Patch Template 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -H \
"Content-Type:text/xml" --data-binary \
"@/home/sample/cloudmetadata_api/patch_create.xml" \
"https://qualysapi.qualys.com/api/2.0/fo/report/template/patch/?action=create&report_format=xml"


Where patch_create.xml is an XML file that contains the patch template settings:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORTTEMPLATE SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/report/template/patch/patchreporttemplate_info.dtd">
<REPORTTEMPLATE>
<PATCHTEMPLATE>
<TITLE>
<INFO key="title"><![CDATA[My Patch Report]]></INFO>
<INFO key="owner"><![CDATA[225889]]></INFO>
</TITLE>
<TARGET>
<INFO key="patch_evaluation"><![CDATA[qidbased]]></INFO>
<INFO key="asset_groups"><![CDATA[AG1, AG2, AG3]]></INFO>
<INFO key="ips"><![CDATA[]]></INFO>
</TARGET>
<DISPLAY>
<INFO key="group_by"><![CDATA[HOST]]></INFO>
<INFO key="include_table_of_qids_fixed"><![CDATA[0]]></INFO>
<INFO key="include_patch_links"><![CDATA[0]]></INFO>
<INFO key="include_patches_from_unspecified_vendors"><![CDATA[0]]></INFO>
<INFO key="patch_severity_by"><![CDATA[assigned]]></INFO>
<INFO key="patch_cvss_score_by"><![CDATA[none]]></INFO>
<INFO key="cvss"><![CDATA[all]]></INFO>
<INFO key="display_custom_footer"><![CDATA[0]]></INFO>
<INFO key="display_custom_footer_text"><![CDATA[]]></INFO>
<INFO key="exclude_account_id"><![CDATA[0]]></INFO>
<INFO key="include_cloud_metadata"><![CDATA[1]]></INFO>
</DISPLAY>
<FILTER>
<INFO key="selective_vulns"><![CDATA[complete]]></INFO>
<INFO key="exclude_qid_option"><![CDATA[0]]></INFO>
<INFO key="display_non_running_kernels"><![CDATA[0]]></INFO>
<INFO key="exclude_non_running_kernel"><![CDATA[0]]></INFO>
<INFO key="exclude_non_running_services"><![CDATA[0]]></INFO>
<INFO key="exclude_qids_not_exploitable_due_to_configuration"><![CDATA[0]]></INFO>
<INFO key="selective_patches"><![CDATA[complete]]></INFO>
<INFO key="exclude_patch_qid_option"><![CDATA[0]]></INFO>
<INFO key="found_since_days"><![CDATA[30]]></INFO>
</FILTER>
<USERACCESS>
<INFO key="report_access_users"><![CDATA[]]></INFO>
<INFO key="global"><![CDATA[1]]></INFO>
</USERACCESS>
</PATCHTEMPLATE>
</REPORTTEMPLATE>


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2021-06-18T08:06:07Z</DATETIME>
<TEXT>Patch Report Template(s) Successfully Created.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>5084140</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
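The settings file for a create request can be generated and checked locally against the limits and conditional requirements listed in the Patch Template settings. This is an added example, not code from the Qualys guide: the function names are hypothetical, it emits only the sections that have settings (whether the DTD accepts omitted sections is an assumption), and it splits any "]]>" in a value so that user-supplied text cannot close a CDATA section early.

```python
import xml.etree.ElementTree as ET

# Section -> keys, following the parameter tables and the sample request above.
SECTIONS = {
    "TITLE": ["title", "owner"],
    "TARGET": ["patch_evaluation", "asset_groups", "asset_group_ids", "tag_set_by",
               "tag_include_selector", "tag_set_include", "tag_exclude_selector",
               "tag_set_exclude", "network", "ips"],
    "DISPLAY": ["group_by", "include_table_of_qids_fixed", "include_patch_links",
                "include_patches_from_unspecified_vendors", "patch_severity_by",
                "patch_cvss_score_by", "cvss", "display_custom_footer",
                "display_custom_footer_text", "exclude_account_id",
                "include_cloud_metadata"],
    "FILTER": ["selective_vulns", "search_list_ids", "exclude_qid_option",
               "exclude_search_list_ids", "display_non_running_kernels",
               "exclude_non_running_kernel", "exclude_non_running_services",
               "exclude_qids_not_exploitable_due_to_configuration",
               "selective_patches", "exclude_patch_qid_option",
               "patch_search_list_ids", "exclude_patch_search_list_ids",
               "found_since_days"],
    "USERACCESS": ["report_access_users", "global"],
}
ENUMS = {
    "patch_evaluation": {"qidbased", "classic"},
    "group_by": {"HOST", "PATCH", "OS", "AG"},
    "patch_severity_by": {"assigned", "highest"},
    "patch_cvss_score_by": {"assigned", "highest", "none"},
    "cvss": {"all", "cvssv2", "cvssv3"},
    "selective_vulns": {"complete", "custom"},
    "selective_patches": {"complete", "custom"},
    "found_since_days": {"7", "30", "90", "365", "NoLimit"},
}
MAX_LEN = {"title": 64, "display_custom_footer_text": 4000}
# (switch, value that activates it, parameter that then becomes required)
REQUIRES = [
    ("selective_vulns", "custom", "search_list_ids"),
    ("exclude_qid_option", "1", "exclude_search_list_ids"),
    ("selective_patches", "custom", "patch_search_list_ids"),
    ("exclude_patch_qid_option", "1", "exclude_patch_search_list_ids"),
]
DOCTYPE = ('<!DOCTYPE REPORTTEMPLATE SYSTEM "https://qualysapi.qualys.com'
           '/api/2.0/fo/report/template/patch/patchreporttemplate_info.dtd">')


def validate(settings):
    """Return a list of problems; an empty list means the settings look sendable."""
    known = {k for keys in SECTIONS.values() for k in keys}
    problems = [f"unknown parameter: {k}" for k in settings if k not in known]
    for key, allowed in ENUMS.items():
        if key in settings and str(settings[key]) not in allowed:
            problems.append(f"{key} must be one of {sorted(allowed)}")
    for key, limit in MAX_LEN.items():
        if len(str(settings.get(key, ""))) > limit:
            problems.append(f"{key} is longer than {limit} characters")
    for switch, value, needed in REQUIRES:
        if str(settings.get(switch)) == value and not settings.get(needed):
            problems.append(f"{switch}={value} requires {needed}")
    return problems


def cdata(value):
    """Wrap a value in CDATA; a literal ]]> is split across two sections."""
    return "<![CDATA[" + str(value).replace("]]>", "]]]]><![CDATA[>") + "]]>"


def build_patch_template_xml(settings):
    """Build the request body, refusing settings that fail validate()."""
    problems = validate(settings)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ['<?xml version="1.0" encoding="UTF-8" ?>', DOCTYPE,
             "<REPORTTEMPLATE>", "<PATCHTEMPLATE>"]
    for section, keys in SECTIONS.items():
        present = [k for k in keys if k in settings]
        if present:
            lines.append(f"<{section}>")
            lines += [f'<INFO key="{k}">{cdata(settings[k])}</INFO>' for k in present]
            lines.append(f"</{section}>")
    lines += ["</PATCHTEMPLATE>", "</REPORTTEMPLATE>"]
    return "\n".join(lines)


def parse_settings(xml_text):
    """Read the INFO key/value pairs back out of a template document."""
    root = ET.fromstring(xml_text)  # the external DTD is not fetched
    return {info.get("key"): info.text or "" for info in root.iter("INFO")}
```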


Sample Update Patch Template 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -H \
"Content-Type: text/xml" --data-binary \
"@/home/sample/cloudmetadata_api/patch_update.xml" \
"https://qualysapi.qualys.com/api/2.0/fo/report/template/patch/?action=update&template_id=5062219&report_format=xml"


Where patch_update.xml is an XML file that contains the patch template settings. See
“Sample Create Patch Template” for more information.


XML output (Success): 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/report/template/patch/dtd/update/output.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2021-06-18T10:39:12Z</DATETIME>
<TEXT>Patch Report Template Successfully Updated</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>5062219</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


XML output (Success with Notification):


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/report/template/patch/dtd/update/output.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2021-06-18T10:39:12Z</DATETIME>
<TEXT>Patch Report Template Successfully Updated</TEXT>
<NOTIFICATION>Cloud provider Metadata setting has been turned
off for this template as group by is changed to OS</NOTIFICATION>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>5062219</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>


XML output (with Error): 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/report/template/patch/dtd/update/output.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2021-06-18T10:39:12Z</DATETIME>
<CODE>1905</CODE>
<TEXT>parameter include_cloud_metadata has invalid value: 1
(include_cloud_metadata can only be set when group_by is set to
HOST)</TEXT>
</RESPONSE>
</SIMPLE_RETURN>
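The three update outcomes shown above follow from the notes on include_cloud_metadata and group_by in the Patch Template settings, and an integration can both anticipate them and detect them in the response. This is an added example, not code from the Qualys guide: the function names are hypothetical, the sample responses are constructed from the outputs above, and where one request carries both parameters (a case the guide does not describe) it assumes include_cloud_metadata is checked against the group_by value the request would leave in place.

```python
import xml.etree.ElementTree as ET

GROUP_BY_VALUES = {"HOST", "PATCH", "OS", "AG"}


def predict_update(saved, update):
    """Apply the update notes; return (outcome, settings after the request).

    saved  -- values stored in the template: group_by and include_cloud_metadata
    update -- parameters sent with action=update (either key may be absent)
    """
    group_by = update.get("group_by", saved["group_by"])
    if group_by not in GROUP_BY_VALUES:
        raise ValueError(f"unsupported group_by: {group_by!r}")
    requested = update.get("include_cloud_metadata")  # None: keep the saved value
    if requested == "1" and group_by != "HOST":
        # Third note: error. Assumption: a rejected request changes nothing.
        return "error", dict(saved)
    metadata = saved["include_cloud_metadata"] if requested is None else requested
    if metadata == "1" and group_by != "HOST":
        # Second note: the option is switched off and a notification is returned.
        return "notification", {"group_by": group_by, "include_cloud_metadata": "0"}
    return "ok", {"group_by": group_by, "include_cloud_metadata": metadata}


def classify_response(xml_text):
    """Classify a SIMPLE_RETURN body as ok, notification or error."""
    # ElementTree reads the DOCTYPE line but does not fetch the external DTD.
    response = ET.fromstring(xml_text.strip()).find("RESPONSE")
    if response is None:
        raise ValueError("no RESPONSE element")
    code = response.findtext("CODE")
    notification = response.findtext("NOTIFICATION")
    ids = [item.findtext("VALUE") for item in response.iterfind("ITEM_LIST/ITEM")
           if item.findtext("KEY") == "ID"]
    return {
        "outcome": "error" if code else ("notification" if notification else "ok"),
        "code": code,
        "text": " ".join((response.findtext("TEXT") or "").split()),
        "notification": " ".join(notification.split()) if notification else None,
        "template_id": ids[0] if ids else None,
    }


# Constructed samples, based on the update outputs shown above.
DOCTYPE = ('<?xml version="1.0" encoding="UTF-8" ?>\n<!DOCTYPE SIMPLE_RETURN SYSTEM '
           '"https://qualysapi.qualys.com/api/2.0/fo/report/template/patch/dtd'
           '/update/output.dtd">\n')
SAMPLE_NOTIFICATION = DOCTYPE + """<SIMPLE_RETURN><RESPONSE>
<DATETIME>2021-06-18T10:39:12Z</DATETIME>
<TEXT>Patch Report Template Successfully Updated</TEXT>
<NOTIFICATION>Cloud provider Metadata setting has been turned
off for this template as group by is changed to OS</NOTIFICATION>
<ITEM_LIST><ITEM><KEY>ID</KEY><VALUE>5062219</VALUE></ITEM></ITEM_LIST>
</RESPONSE></SIMPLE_RETURN>"""
SAMPLE_ERROR = DOCTYPE + """<SIMPLE_RETURN><RESPONSE>
<DATETIME>2021-06-18T10:39:12Z</DATETIME>
<CODE>1905</CODE>
<TEXT>parameter include_cloud_metadata has invalid value: 1
(include_cloud_metadata can only be set when group_by is set to
HOST)</TEXT>
</RESPONSE></SIMPLE_RETURN>"""
```

A caller that treats any response without a CODE element as plain success will miss the case where the service silently turned the cloud metadata option off, so the NOTIFICATION element is worth logging.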
/api/2.0/fo/report/template/map/


Perform actions such as create, update, delete and export on the Map Template.


Map Template Request


A summary of API Endpoint URLs is provided below.


Action API Endpoint /required parameters Method


Create Map Template <base_url>/api/2.0/fo/report/template/map/ POST
Required parameters:
action=create
report_format=xml


Update Map Template <base_url>/api/2.0/fo/report/template/map/ PUT
Required parameters:
template_id={value}
action=update
report_format=xml


Delete Map Template <base_url>/api/2.0/fo/report/template/map/ POST
Required parameters:
template_id={value}
action=delete


Export Map Template <base_url>/api/2.0/fo/report/template/map/ GET
Required parameters:
action=export
report_format=xml

Optional parameter:
template_id={value}
When unspecified all templates for the report
type get exported.


Map Template settings 


These parameters (all optional) are used for create and update requests. When creating
a new template the default value is shown in bold where applicable.


Parameter 


Description 


Title 


title={value} 


A string value for the title. Length is maximum 64 
characters. 


owner={value} 


Username of the owner of this template. 


Validity of the owner to create reports is based on the 
user role or business unit. See About template owner. 


global={0|1} 


Share this report template with other users by making it 
global. Specify 1 to make it global. 
Display

map_sort_by={ipaddress|dns|netbios|router|operatingsystem}
Sort and group the results of the report by any of the
following:
IP Address = ipaddress
DNS = dns
NetBIOS = netbios
Router = router
Operating System = OS

map_related_info_lastscandate={0|1}
Specify 1 to include the last scan date.

map_related_info_assetgroups={0|1}
Specify 1 to include the asset groups.

map_related_info_authenticationrecords={0|1}
Specify 1 to include the authentication records.

map_related_info_discoverymethod={0|1}
Specify 1 to include the discovery method.

display_custom_footer={0|1}
Specify 1 to include custom text in the report footer.

display_custom_footer_text={value}
Specify custom text like a disclosure statement or data
classification (e.g. Public, Confidential). The text you
enter will appear in all reports generated from this
template, except reports in XML and CSV formats. Length
is maximum 4000 characters.

map_exclude_account_id={0|1}
Specify 1 to exclude the account login ID in the filename
of downloaded reports. Use this option to remove the
login ID from the filename.

Filters
Filter options to help you specify what to include.

map_included_hosttypes_innetblock={0|1}
Specify 1 to filter the report by host types - In Netblock.

map_included_hosttypes_scannable={0|1}
Specify 1 to filter the report by host types - Scannable.

map_included_hosttypes_live={0|1}
Specify 1 to filter the report by host types - Live.

map_included_hosttypes_approved={0|1}
Specify 1 to filter the report by host types - Approved.

map_included_hosttypes_outofnetblock={0|1}
Specify 1 to filter the report by host types - Not In Netblock.

map_included_hosttypes_notscannable={0|1}
Specify 1 to filter the report by host types - Not Scannable.

map_included_hosttypes_notlive={0|1}
Specify 1 to filter the report by host types - Not Live.

map_included_hosttypes_rogue={0|1}
Specify 1 to filter the report by host types - Rogue.

Included Discovery Methods
Specify at least one.


map_idm_tcp={0|1}
Specify 1 to filter the report by discovery methods - TCP.

map_idm_udp={0|1}
Specify 1 to filter the report by discovery methods - UDP.

map_idm_traceroute={0|1}
Specify 1 to filter the report by discovery methods - TraceRoute.

map_idm_other={0|1}
Specify 1 to filter the report by discovery methods - Other.

map_idm_dns={0|1}
Specify 1 to filter the report by discovery methods - DNS.

map_idm_icmp={0|1}
Specify 1 to filter the report by discovery methods - ICMP.

map_idm_auth={0|1}
Specify 1 to filter the report by discovery methods - AUTH.

Included Status Levels
Only applicable for differential map reports.

map_included_statuses_added={0|1}
Specify 1 to filter the report by statuses - Added.

map_included_statuses_removed={0|1}
Specify 1 to filter the report by statuses - Removed.

map_included_statuses_active={0|1}
Specify 1 to filter the report by statuses - Active.

dns_exclusions={none|DNS|DNS-DNSZone}
Exclude hosts discovered only via:
none = None
DNS = DNS
DNS-DNSZone = DNS and/or DNS Zone Transfer

included_os={value}
Specify the operating system name to filter hosts. For
example, to only report on Linux hosts make sure you
provide the operating system name for Linux.
Multiple operating system names can be provided using
values separated by a comma.
Specify ALL to include all operating systems.
See Identified OS.


Samples 


Refer to Scan template examples for create, update, delete and export sample requests. 
Requests and outputs for Map template are similar. 


About template owner 


The user who created the report template is the owner by default. Managers and Unit 
Managers have the option to specify/change the owner while creating a report template 
the first time or by updating an existing report template. Use the parameter “owner” to 
assign a template owner. 


Global report templates may be owned by Managers and Unit Managers. Non-global report 
templates may be owned by Managers, Unit Managers, Scanners and Readers. 


Managers / Unit Managers can assign only those users as template owners who are part of 
their hierarchy and are added in their subscription. 
Identified OS


Operating Systems identified by our service as of March 2017 are listed below.


Looking for a more current listing? Sure
thing. Just log in to your Qualys account
and go to Help > About.


Tip - In API requests replace spaces in OS
names with underscores. For example,
Apple iOS must be specified as Apple_iOS


3Com
3Com HomeConnect
3Com NBX
3Com OfficeConnect
3Com SuperStack
3Com Switch
3Com Wireless Access Point
AB
AB ControlLogix
Adic
Adic Scalar
Adic Storage
ADIC Storage
Adtran
Adtran Device
Adtran NetVanta
Adtran TSUIQ
ADTX
ADTX ArrayMasStor
AIX
AIX 4.2-4.3
AIX 4.3
AIX 4.3.2.0-4.3.3.0
AIX 4.33
AIX 4.3-5.1
AIX 4.x
AIX 4.x-5.x
AIX 5.1
ATX. 5.2512
AIX 5.1-5.3
AIX 5.2
AIX 53.3
AIX 5.3.0.4
AIX 5.x
AIX 6.x
Alcatel
Alcatel OmniStack
Alcatel OmniSwitch
Allied
Allied Telesyn Switch
Alteon ACE Switch
Alteon Switch
Altium
Altium Wireless Device
Amazon Linux
ANG
Mogero
APC InfraStruXure
APC MasterSwitch
APC Network
APC Network Management Card AOS
APC Smart-UPS
AppCelera
AppCelera ICX
Apple
Apple Airport Wireless Access Point
Apple iOS
Apple Wireless Access Point
Arescom
Arescom Device
Arescom NetDSL
Ascend
Ascend Router
Ascent
Ascent Router
ASUS
ASUS Wireless
ASUS Wireless Access Point
Aten
Aten KVM Switch
ATT NetGate
ATTO Device
AudioCodes
AudioCodes VOIP
Avaya
Avaya Device
Avaya G350
Avaya IP Phone
Avaya Wireless Access Point
Avocent
Avocent CCM Appliance
Axis
Axis Network Camera
Axis Printer
Axis Storpoint CD

Axis Video Server 

Axis Wireless Access Point 
Axonix SuperCD 

Bay Networks 

Bay Networks Router 

Bay Networks Switch 

Belkin 

Belkin Wireless Access Point 
BeOS 5 

BlueCoat Security Gateway 


BlueSocket Embedded Linux 2.4-2.6 


BorderWare Firewall 
Brocade Device 
Brother Printer 


BSD 
BSD Unix 
BSDI BSD 


BT Voyager 

Buffalo Wireless Access Point 
Cabletron 

Cabletron SmartSTACK 
Cabletron Switch 

Caldera 

Caldera Open Linux 

Caldera Open UNIX 7 

Caldera Open UNIX 8 

Canon 

Canon Network Printer 

Canon Print Server 

Canon Printer 

Cayman3000 

CEKAB Device 
CentOs 

CentOs 
CheckPoint 
CheckPoint FW1 
CheckPoint FW1 NG 
CheckPoint FW1 on Solaris 
CheckPoint SecurePlatform 
Cintech Switch 
Cirronet Wireless Access Point 
Cisco 
Cisco Analog Phone Gateway 
Cisco Analog Telephone Adaptor 
Cisco Arrowpoint WebNS 

Cisco ASA 

Cisco Catalyst 

Cisco Content Engine 


Cisco Content Services Switch 


Cisco Content Switching Solution 


Cisco Content/File Engin 

Cisco Controller 

Cisco File Engine 

Cisco Firewall Services Module 


Cisco IOS 

Cisco IP Phone 

Cisco IP/TV Program Manager 
Cisco Local Director 

Cisco PIX 

Cisco VPN 

Cisco WGB350 

Cisco Wireless Access Point 
ClearPath MCP 


CNT UltraNet Edge 
Cognitive Printer 
CometLabs Switch 
Compaq 
Compaq Insight Manager 
Compaq Switch 
Computone Device 


Connect2Air Wireless Access Point 


ControlLogix ENET 
Crossroads Storage Router 
Custom Micro Device 
CyberGuard Firewall 
CyberGuard Firewall 
Datamax I-Class 

Datamax Printer 

Dawning SNI 

Debian 

Dell 

Dell Laser 

Dell PowerConnect 

Dell PowerVault 

Dell Remote Access Controller 
Digi 

Digi One PortServer 

Digi One SP 


Digi Port Server 

Divar Video Camera 

D-Link 

D-Link DSL Modem 

D-Link Print Server 

D-Link Router 

D-Link Switch 

D-Link Wireless Access Point 


Draytek Router 
DVD Server
Efficient Router
EFI Printer
EMC's Network-Attached Storage Device
Enterasys
Entry-Master Card Access Control System
Epson Printer
ExtendedNet Print Server
Extreme
Extreme Alpine
Extreme Networks Device
Extreme Networks ExtremeWare
Extreme Networks Switch
F5 Networks Big-IP
Fabric OS
FaxPress
Fiery Printer
File Engine
Fortigate
Foundry Networks
FreeBSD
Fujitsu
Fujitsu Blade Server
Gestetner
Gestetner Printer
Gigafast
Gigafast Wireless Access Point
Gigafast Wireless Access Point
Google Appliance
Hawking Wireless Access Point
Honeyd HoneyPot
HP
HP 3000 MPE
HP AdvanceStack Switch
HP Deskjet Printer
HP Fabric OS
HP Guardian Service Processor
HP iLO
HP Inkjet Printer
HP JetDirect
HP LaserJet
HP OpenVMS
HP ProCurve
HP RILO
HP Surestore Library
HP Switch
HP Tru64
HP-UX
HP-UX 10
HP-UX 10.20
HP-UX 11
Huawei Switch
HVAC controller
IBM
IBM 2210
IBM 4400 Printer
IBM 4690
IBM Infoprint
IBM Mainframe
IBM Network Printer
IBM OS/2
IBM OS/390
IBM OS/400
IBM Printer
IBM Remote Supervisor Adapter
IBM Remote Supervisor Adapter II
IBM Tape Library
IBM Token-Ring Stackable Hub
IBM z/VM
i-data Print Server
Indyme MTS Messaging Telephony CU4400
Infinity Embedded Device
Infortrend Serial ATA Storage Subsystem
Intel
Intel NetportExpress Print Server
Intel Switch
Intel Wireless Access Point
Intergy Network Energy Source System
Intermate
Intermate Print Server
Intermate Print Server
Intermec
Intermec EasyLAN Printer
Intermec Wireless Access Point
Inter-Tel IP Phone
IP Phone
IRIX
IRIX 6.2
IRIX 6.5
IRIX behind Firewall or Load Balancer
IronPort
Juniper Networks
Juniper Networks Application


Acceleration Platform DX 
Juniper Networks JUNOS 
Kentrox 

Kentrox Q2200 Router 
Konica 

Konica Minolta 

Konica Printer 

Kyocera 

Kyocera Mita 

Kyocera Printer 

Lancast 

Lancast Media Converter 
Lanier 

Lanier Printer 


Lantronix 
Lantronix CoBox 
Lantronix ETS32PR 
Lantronix MSS100 
Lantronix Printer 
Leitch 

Lexmark 

Lexmark Optra 


Lexmark Print Server 
Lexmark Printer 
LinkCom 


Linksys 
Linksys Router 
Linksys Wireless 


Linux 

Einux: 12: 851.2313 
Linux 2.0 

Linux 2.0.29 

Linux 2.0.30+ 

Linux 2.0.34-38 
Linux 2.1.19-2.2.20 
Linux 2.2 

Linux 2.2.20 

Linux 2.4 

Linux 2.4.0-2.5.20 
Linux 2.4.20-2.4.25 
Linux 2.4.20-3 
Linux 2.4.22 

Linux 2.4.7 

Linux 2.4.x 

Linux 2.4-2.6 

Linux 2.6 

Linux 2.x 
LinkCom Xpress Print Server


Linux 3.0 


Linux behind 

Lucent 

Lucent Cajun 

Lucent MAX 

Lucent Orinoco 
Lucent PBX 

Lucent Router 
Lucent WAP 

LynxOS 

MacOS
MacOS 10.0.x-10.1.x
MacOS 10.10
MacOS 10.11
MacOS 10.12
MacOS 10.3-10.4
MacOS 8
MacOS 9
MacOS X
magicolor
magicolor 2300 Printer
magicolor 3300 Printer
magicolor Printer
MarkNet Pro Printer
Meditech MAGIC
MiLAN Print Server
MiLAN Switch
MiraPoint
Mitel PBX
Motorola HomeNet WR850G
Moxa
Moxa Async Server
Moxa NPort Serial Server
Multi-Tech
Multi-Tech CommPlete
Multi-Tech MultiVOIP
Muratec MFX Printer
NCR Unix
NEC Projector
Neoteris Instant Virtual Extranet
NetApp
NetApp behind FW1
NetBlazer
NetBSD
Linux Based MRV LX Series Server
Uninterruptible Power Supply
NETBuilder Bridge
Netgear 
Netgear GSM 
Netgear Print Server 
Netgear Printer 
Netgear Router 
Netgear Smart Switch 
Netgear Switch 
Netgear Wireless Access Point 
Netopia 
Netopia Router 
Netphone 
Netphone IP Phone 
NetScaler 
NetScaler VPN Device 
NetScreen 
NetScreen 100 
NetScreen 50 
NetScreen 5XP 
NetSilicon Device 
Netsilicon Device 
NetWare 
NetWare 4.11-5.0 SP5 
NetWare 5 
NetWare 5.0 
NetWare 5.1 
NetWare 6 
NetWare 6.5 
NetWare Print Server 
Network Camera 
Network Print Server 
Network Printer 
Network Scanner 
NGS 500 Router 
NIB Network Printer 
Nokia 
Nokia IPSO 
Nokia Wireless Access Point 
Nortel 


Nortel Device 

Nortel Networks BayStack 
Nortel Passport 

Nortel Router 

Nortel Switch 

NRG 

NRG Network 

NRG Printer 

Okidata Printer 

OkiLAN Print Server 
Open Networks Router
OpenBSD 
Oracle Enterprise Linux 
Oracle Enterprise Linux 4.5 
Oracle Enterprise Linux 5.2 
ORiNOCO Wireless Access Point 
Orinoco Wireless Access Point 
Packeteer 

Packeteer PacketSeeker 
Packeteer PacketShaper 
Panasonic Network Camera 
Paradyne Device 

Perle Jetstream 

PocketPro Print Server 

Point Six Point Server 
Polycom 

Polycom Device 

Polycom MGC 

Polycom VSX 

Power Measurement ION Meter 
Powerware 

Powerware ConnectUPS 

Powerware UPS Device

Precidia Device 

Primergy RSB 

Printronix Printer 

Procom NetFORCE 
pSOSystem 

QNX 

Quantum 

Quantum NAS SnapServer 
Quantum PX506 Tape Library 
Quick Eagle Device 

RadiSys iRMX 

Radware Device 

Raptor Firewall 

Red Hat 

Redline 

Redline Networks Processor 
Redline Wireless Access Point 
Ricoh 

RICOH Aficio 

Ricoh Aficio 

Ricoh Printer 

Ringdale Device 

RIO Xtreme 

RiverStone Networks Router 
RoamAbout R2 

Rockwell 
Rockwell Automation

S3Wireless Wireless Access Point 
Savin Printer 

Scannex NetBuffer 

Schneider Electric Controller 
SCO 

SCO OpenServer 

SCO Unix 

SCO UnixWare 

SCO UnixWare Firewall 


SensaTronics Environmental Monitor 


Sentry Remote Power Manager 
Shark supercomputer 
Sharp Printer 


Shore Microsystems Link Protector 


Sidewinder G2 

Siemens 

Siemens 5940 Router 

Siemens HiPath 3000 

Siemens I-Gate 

Siemens IP Phone 

Siemens Wireless Access Point 
Signature System 

Silex Pricom Print Server 
SIMATIC NET CP 

SMC 

SMC Networks SMC8624T 

SMC Router 

SMC Wireless Access Point 
SMC2671 Wireless Access Point 
SNAP Ethernet Brain 

Snap Server 

Solaris 

Solaris 10 

Solaris 11 

Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 
Solaris 


Solaris 8-10

Solaris 9 

Solaris 9-10 

Solaris behind 

Spectrum24 Wireless Access Point 
Stallion EasyServer 

StarDot NetCam 

Summit Switch 

Sun 

Sun Cobalt Linux 

Sun Lights Out 

SUN StorEdge RAID 

SuperScript Printer 

SuSE 
SuSE Linux 10 

SuSE Linux 11 

SuSE Linux 7 

SuSE Linux 8 

SuSE Linux 9 

Sveasoft Firmware 

Symantec Raptor Firewall 
Symbol Wireless Access Point 
Symon NetLite 

SYSTEC CAN-Ethernet Gateway 
Tandberg 

Tandberg Device

Tandem

Tandem NSK

Tektronix Phaser Printer
Telindus Router

Tenor Switch

TINI

TiVo

TiVo Series

TopLayer Appsafe

Toshiba NWcamera

Transition Networks Device

Trendnet Print Server

Trendware Print Server

Tru64

Tru64 Unix 4.0d

Tru64 Unix 5.x

Tut Modem

TV Program Manager

Robotics 

Robotics Access point 

Robotics ADSL Wireless Gateway 
Robotics Broadband Router 
Robotics Wireless Access Point 


Ubuntu
Ubuntu Linux 10
Ubuntu Linux 11
Ubuntu Linux 7
Ubuntu Linux 8
Ubuntu Linux 9
Ubuntu Linux LTS


UNIX System V 

UNIX System V Release 4.2 

UNIX SystemUNIX System V 4 
Uptime Devices Monitoring System 
UptimeDevices Sensorprobe 

VAX 


VAX VMS 6.1 
VAX VMS 6.1 behind Sidewinder G2 
VAX VMS 6.2 
VAX VMS 7.1 
VAX VMS 7.1 behind Sidewinder G2 


Verilink WANsuite Router 
Vertical Horizon Stack 
VirtualAccess LinxpeedPro 


VMware 

VMWare ESX 3.5 
VMWare ESX 4.0 
VMWare ESX 4.1 
VMware ESX Server 
VMWare ESXi 4.0 
VMWare ESXi 4.1 
VMWare ESXi 5.0 
VMWare ESXi 5.0 


VxWorks Based Device 
WatchGuard Firewall 
Web Smart Switch 
WebNet uServer 
Windows 

Windows 10 

Windows 
Windows 
Windows 
Windows 
Windows 7 
Windows 8 
Windows 95 


Uninterruptible Power Supply Device 


Windows NT 
Windows NT4 
Windows RT 
Windows Vista 
Windows XP 
WKTI RDS 
Xerox 
Xerox 
Xerox 
Xerox 
Xerox 
Xerox 


Device 


Documen 


Phaser 
Xerox Plotter 
Xerox Printer 
Xerox WorkCen 
Xerox WorkCen 
XES Printer 


Encoder 


DocuColor Printer 


t Centre 


DocuPrint Printer 


Printer 


tre 
tre Printer 


XJet Print Server 


ZebraNet Print Server


ZOT Print Server 


Identified Services 


Services identified by our service as of March 2017 are listed below.


Looking for a more current listing? Just log in to your Qualys account and go to
Help > About.


Tip - In API requests replace spaces in 
service names with underscores. For 
example, Blackberry Attachment must be 
specified as Blackberry_Attachment 


ActiveSync 
DDP 
fpovertcp 
kak trojan 
mandaidx 


ooo > 


w 
3 
B 


plix 


ple_Airport_Management 


Windows 98 
Windows 9x 


Windows CE 
Windows 
Windows ME 


plix TM1 Admin Server 


D DDD D 


p 
p 
pplix_axnet 
p 
p 


rt 


plix TM1 Server 
Arkeiad Network Backup 
ARUGIZER_ BACKDOOR 

auth 
Berlios Global Positioning_System_Daemon


BIGFIX ENTERPRISE SERVER 
BITCOIN 

bitkeeper 

Blackberry Attachment 
BMC_Patrol 


BO2K backdoor 

bofra_worm 

bpcd 

bpjava_msvc 

ca_brightstor 

CA_License Management Agent 
CA Unicenter Services 
CENTUM CS 3000 
chargen 
chargen_udp 
CHECKPOINT FW-1 CLIENT AUTH SERVER
hindi 

cisco _ cnr 

CISCO CNR AICSERVAGT 

Cisco Secure ACS 

cisco ta 

citadel 

Citrix CMC 

Citrix ICA 

CoDeSys 

Cognos Powerplay Enterprise Server 
Computer Associates License Manager 
COREid Access Server 

crystal _ info 

Crystal Reports App Server 

Crystal Reports CMS 

cvspserver 

daap 
dameware 

darxite 

daytime 

daytime_udp 

DC Directory Server 
dcerpe 

dchub 

DHCP _ or Bootp Server 
DNS Server 

dtspcd 

echo 

echo_udp 

edonkey server 

EMC EmailXtender 


finger 

Forte for Java 

ftp 

FW1 

FW1_NG Services 
gamsoft_telsrv 
GCS_SysID 

GIOP 

girlfriend 
gnutella 

gopher 

h323 

healthd 

HoneyD HoneyPot 

P_ DATAPROTECT 

P printer service 
parray 

pov_alarm 

POV_BBC 

POV_CODA 
pov_topmd 
pov_trcsvc 

ttp 

ttp_over ssl 

IBM SolidDB 

IBM _DB2 Universal Database 
IBM TIVOLI STORAGE MANAGER 
icecast 

ident 
imap 
INDUSOFT 

Infopulse Gatekeeper 
ipmi 

ipp 

LEC 

ISA Proxy 

isakmp 

ISAKMP over TCP 

iSCSI 

i SNS 

jabber 

Kadmin-4 

kazaa 

Kerberos-5 

12tp 

LANDesk 

JANDESK_CBA_PDS 

AANDESK MANAGEMENT AGENT 
AANDESK MANAGEMENT AGENT 


ldap

ldap over ssl 

limewire 

linuxconf 

lpd 

managesoft 

cAfee ePolicy Orchestrator 
melange chat 
ERCUR_Control-Service 
icromuse Netcool Object Server 
microsoft-ds 

icrosoft Message Queue Server 
minisql 

modbus 

ODBUS_UDP 

mqseries 

msdtc 

SMQ Ping 

msrpc 

msrpc-over-http 

msrpc_udp 

mssql 

mssql monitor 

MY DESKTOP 

mysql 

named_udp 

ncp 
nessus 
netbios ns 
netbios_ ssn 
netbus 

netop 

netstat 
Netviewer PC Duo 
nfs 


nntp 
ntp 
ocsp 

ocssd 

Omniquad_ Server 


open _vpn 

opennap 

oracle 

Oracle Express Server 

Oracle Express Server xsagent 
Oracle Express Server xsdaemon 
oracle intelligent agent 
ORACLE RMI 

pcanywhere 
pen
Polycom MGC _ Management 
pop2 

pop3 

PostgresQL 

pptp 

PRORAT TROJAN 

proxy http 

proxy telnet 

psmond 

pvserver 
Quote of the Day 
quote of the day udp 
radius 

radius _ tcp 

radmin 

recmd 


RealMedia _EncoderServer 
Red Carpet Daemon 


RELIABLE DATAGRAM SOCKETS OVER TCP


Resonate CD Agent 
resource monitor api 


Resource Monitoring and Control 


rip 

rlogin 
RMIRegistry 
rpc 

rpc_udp 

RSA Auth Mgr 
rsh/rexec 
rsyncd 

rtsp 
SAP_MAXDB 
SAP Protocol 
SAPgui 
SGI_Performance Copilot 
shell 

SHOUTcast 

skinny 

skype 

slapper 

SMS 
smtp 
smux 
snmp 
snmp2 

socks4 

socks5 
SPLASHTOP REMOTE DESKTOP
spychat

Spytech SpyAnywhere 

ssdp 

ssh 

ssh over _ssl 

swagentd 

swat 

sybase adaptive server 
Symantec EMS client server 
Symantec AntiVirus 

Symantec AntiVirus Rtvscan 
Symantec AntiVirus Rtvscan_UDP 
SysGalUR 

systa 
talk 
telne 
telne 
tftp 
time 
time udp 
timestamp over http 
trendmicro officescan 
trojan _fireby 

unknown 

unknown over ssl 

UPNP 
ut game queryport 
uucp 
VMware Authentication Daemon 
vnc 
vnetd 

voip sip 
Volume_Manager_Storage_Administrator

VXWORKS WDBRPC_UDP 

watchguard_admin 

webshield 

win remote desktop 

winmx 

WINS Replication 

Wonderware InTouch 

wsmserver 

WSUS_SERVER 

x11 

X11_Font_Service 

xdmcp 

xinetd 

Xitami 

xpilot 


ct 


_over_ ssl 
XYZFind

Yahoo Instant Messenger 
yeemp 

ZLink 


Categories 


Vulnerability Categories as defined by our 
service as of March 2017 are listed below. 


Want a current listing? No problem. Just 
log in to your Qualys account, go to the 
KnowledgeBase, click the Search button, 
and open the Category menu. 


Looking for category descriptions? We've 
got you covered. Log in to your Qualys 
account, go to Help > Online Help and 
search for Categories and you'll see the 
article on Vulnerability Categories with all 
the details. 


Tip - In API requests replace spaces in 
category names with underscores. For 
example, Amazon Linux must be specified 
as Amazon_Linux 


AIX 

Amazon Linux 

Backdoors and trojan horses 
Brute Force Attack 

Centos 

CGI 

Cisco 

Database 

Debian 

DNS and BIND 

E-Commerce 

Fedora 

File Transfer Protocol 
Finger 
Firewall 
Forensics 
General remote services
Hardware
HP-UX
Information gathering
Internet Explorer
Local

Mail services 
Malware 

News Server 

NFS 

OEL 

Office Application 
Proxy 

RedHat 


oO 


Security Policy
SNMP
Solaris

SMB / NETBIOS
SUSE
TCP/IP

Ubuntu

VMware

Web Application 

Web Application Firewall 
Web server 

Windows 

X-Window 
VM Remediation Tickets


List, edit and delete remediation tickets, created using the VM app, in the user's account.
Remediation Tickets overview 

Ticket Parameters 

View Ticket List 

Edit Tickets 

Delete Tickets 

View Deleted Ticket List 

Get Ticket Information 


Set Vulnerabilities to Ignore on Hosts 


Remediation Tickets overview 


Qualys provides fully secure audit trails that track vulnerability status for all detected
vulnerabilities. As follow up audits occur, vulnerability status levels - new, active, fixed,
and re-opened - are updated automatically and identified in trend reports, giving users
access to the most up-to-date security status. Using Remediation Workflow, Qualys
automatically updates vulnerability status in remediation tickets, triggering ticket
updates and closure in cases where vulnerabilities are verified as fixed.


Ticket information includes


Ticket Due Date - Each ticket has a due date for ticket resolution. The number of days 
allowed for ticket resolution is set as part of the policy rule configuration. Overdue tickets 
are those tickets for which the due date for resolution has passed. 


Ticket state/status - Several events trigger ticket updates as described earlier. Certain 
ticket updates result in changes to ticket state/status as indicated below. 


Open refers to new and reopened tickets. Tickets are reopened in these cases: 1) when the 
service detected vulnerabilities for tickets with state/status Resolved or Closed/Fixed, and 
2) when users or the service reopened Closed/Ignored tickets. 


Resolved refers to tickets marked as resolved by users. 
Closed/Fixed refers to tickets with vulnerabilities verified as fixed by the service. 


Closed/Ignored refers to tickets ignored by users or the service (based on a user policy). 
Also, users can ignore vulnerabilities on hosts. If tickets exist for vulnerabilities set to 
ignore status, the service sets them to Closed/Ignored, and if tickets do not exist for these 
issues the service adds new tickets and changes them to Closed/Ignored. 


Invalid tickets - Tickets are invalid due to the changing status of the IP address or ticket 
owner. Regarding the IP address, a ticket is marked invalid when the ticket’s IP address is 
removed from the ticket owner’s account (applies to Unit Manager, Scanner, or Reader). 
Regarding the ticket owner, a ticket is marked invalid when the ticket owner's account is 
inactive, deleted, or the user's role was changed to Contact. 
Ticket Parameters 


Many ticket parameters are available for making API requests to view, update and delete 
active tickets and defining tickets to take actions on. Overdue and Invalid tickets are 
selected automatically, unless otherwise requested. 


- All ticket parameters are optional and valid for these requests: ticket_list.php,
ticket_edit.php and ticket_delete.php.


- At least one parameter is required. 


- Multiple parameters are combined with a logical “and”. 


Parameter 


Description 


ticket_numbers={nnn,nnn-nnn,...}


Tickets with certain ticket numbers. Specify one or 
more ticket numbers and/or ranges. Use a dash (-) to 
separate the ticket range start and end. Multiple 
entries are comma separated. 


since_ticket_number={value}


Tickets since a certain ticket number. Specify the 
lowest ticket number to be selected. Selected tickets 
will have numbers greater than or equal to the ticket 
number specified. 


until_ticket_number= 
{value} 


Tickets until a certain ticket number. Specify the 
highest ticket number to be selected. Selected tickets 
will have numbers less than or equal to the ticket 
number specified. 


show_vuln_details={0|1} 


(Parameter is valid with ticket_list.php request only)
By default, vulnerability details are not included in the 
ticket list XML output. When set to 1, vulnerability 
details are included. Vulnerability details provide 
descriptions for the threat posed by the vulnerability, 
the impact if exploited, the solution provided by Qualys 
as well as the scan test results (when available). 


Ticket Properties 


ticket_assignee={value}


Tickets with a certain assignee. Specify the user login
of an active user account.


overdue={0|1}


Tickets that are overdue or not overdue. When not
specified, overdue and non-overdue tickets are
selected. Specify 1 to select only overdue tickets.
Specify 0 to select only tickets that are not overdue.


invalid={0|1}


Tickets that are invalid or valid. When not specified, 
both valid and invalid tickets are selected. Specify 1 to 
select only invalid tickets. Specify 0 to select only valid 
tickets. You can select invalid tickets owned by other
users, not yourself.


states={state}


Tickets with certain ticket state/status. Specify one or 
more state/status codes. A valid value is OPEN (for 
state/status Open or Open/Reopened), RESOLVED (for 
state Resolved), CLOSED (for state/status Closed/Fixed), 
or IGNORED (for state/status Closed/Ignored). Multiple 
entries are comma separated. 


To select ignored vulnerabilities on hosts, specify: 
states=IGNORED 


Ticket History 


modified_since_datetime= 
{value} 


Tickets modified since a certain date/time. Specify a 
date (required) and time (optional) since tickets were 
modified. Tickets modified on or after the date/time are 
selected. 


date/time is specified in YYYY-MM-DD[THH:MM:SSZ]
format (UTC/GMT), like “2006-01-01” or “2006-05-25T23:12:00Z”.


unmodified_since_datetime 
={value} 


Tickets not modified since a certain date/time. Specify 
a date (required) and time (optional) since tickets were 
not modified. Tickets not modified on or after the 
date/time are selected. 


date/time is specified in YYYY-MM-DD[THH:MM:SSZ]
format (UTC/GMT), like “2006-01-01” or “2006-05-25T23:12:00Z”.


Ticket Host Info 


ips={nnn,nnn-nnn,...}


Tickets on hosts with certain IP addresses. Specify one 
or more IP addresses and/or ranges. Multiple entries 
are comma separated. 


asset_groups={ag1,ag2,...}


Tickets on hosts with IP addresses which are defined in 
certain asset groups. Specify the title of one or more 
asset groups. Multiple asset groups are comma 
separated. The title “All” may be specified to select all 
IP addresses in the user account. 


dns_contains={value} 


Tickets on hosts that have a NetBIOS host name which 
contains a certain text string. Specify a text string to be 
used. This string may include a maximum of 100 

characters (ascii). 


netbios_contains={value} 


Tickets on hosts that have a NetBIOS host name which 
contains a certain text string. Specify a text string to be 
used. This string may include a maximum of 100 

characters (ascii). 


host_id={value} 


Tickets related to a particular asset when the specific 
HOST_ID is provided. 


show_host_id={0|1}


When unspecified or show_host_id=0, the Host ID will 
not appear in the XML output. Specify show_host_id=1 
to show the Host ID in the output. 


Vulnerability Info 


vuln_severities={1,2,3,4,5} 


Tickets for vulnerabilities with certain severity levels.
Specify one or more severity levels. Multiple levels are 
comma separated. 


potential_vuln_severities= 
{1,2,3,4,5} 


Tickets for potential vulnerabilities with certain 
severity levels. Specify one or more severity levels. 
Multiple levels are comma separated. 


qids={qid,qid,...}


Tickets for vulnerabilities with certain QIDs (Qualys 
IDs). Specify one or more QIDs. A maximum of 10 QIDs 
may be specified. Multiple QIDs are comma separated. 


vuln_title_contains={value} 


Tickets for vulnerabilities that have a title which 
contains a certain text string. The vulnerability title is 
defined in the KnowledgeBase. Specify a text string. 
This string may include a maximum of 100 characters 
(ascii). 


vuln_details_contains= 
{value} 


Tickets for vulnerabilities that have vulnerability
details which contain a certain text string. 
Vulnerability details provide descriptions for threat, 
impact, solution and results (scan test results, when 
available). Specify a text string. This string may include 
a maximum of 100 characters (ascii). 


vendor_ref_contains= 
{value} 


Tickets for vulnerabilities that have a vendor reference 
which contains a certain text string. Specify a text 
string. This string may include a maximum of 100 
characters (ascii). 


View Ticket List 
/msp/ticket_list.php 


View remediation tickets and related ticket information in the user’s account. 


Basic HTTP authentication is required. Session based authentication is not supported
using this API.


Using an account with more than 1,000 tickets (or potentially more than 1,000 tickets), it is
recommended that you write a script that makes multiple ticket_list.php requests until all
tickets are retrieved.


A maximum of 1,000 tickets can be returned from a single ticket_list.php request. If this
maximum is reached, the function returns a “Truncated after 1,000 records” message at
the end of the XML output with the last ticket number included. Using an account with
more than 1,000 tickets (or potentially more than 1,000 tickets), it is recommended that
you write a script that makes multiple ticket_list.php requests until all tickets have been
retrieved.
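
The multi-request script recommended above could look like the following. This is an added example, not code from the Qualys guide: the XML element names (TICKET, NUMBER, TRUNCATION), the ascending order of truncated pages and the constructed_fetch stand-in are assumptions to confirm against ticket_list_output.dtd.

```python
"""Page through /msp/ticket_list.php until no truncation notice comes back."""
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

API_URL = "https://qualysapi.qualys.com/msp/ticket_list.php"  # host used in the page's samples
# ASSUMPTIONS (check against ticket_list_output.dtd): each ticket is a <TICKET>
# element with a <NUMBER> child, and the truncation notice is element text.
TICKET_TAG, NUMBER_TAG = "TICKET", "NUMBER"
TRUNCATION_PREFIX = "Truncated after"


def http_fetch(params, username, password):
    """Live transport: one GET with Basic auth, the scheme this API requires."""
    url = API_URL + "?" + urllib.parse.urlencode(params, safe=",:")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    request = urllib.request.Request(url, headers={
        "Authorization": "Basic " + token,
        "X-Requested-With": "ticket-pager-example",
    })
    with urllib.request.urlopen(request, timeout=120) as response:
        return response.read()


def parse_page(xml_bytes):
    """Return (ticket numbers in this response, whether it was truncated)."""
    root = ET.fromstring(xml_bytes)
    numbers = []
    for ticket in root.iter(TICKET_TAG):
        text = ticket.findtext(NUMBER_TAG)
        if text is None or not text.strip().isdigit():
            raise ValueError("ticket without a numeric NUMBER element")
        numbers.append(int(text))
    truncated = any((el.text or "").strip().startswith(TRUNCATION_PREFIX)
                    for el in root.iter())
    return numbers, truncated


def list_all_tickets(filters, fetch, max_requests=1000):
    """Collect every matching ticket number across as many requests as needed.

    After a truncated response the next request sets since_ticket_number to one
    past the highest number seen; this relies on truncated responses holding
    the lowest-numbered matches (assumption).
    """
    params = dict(filters)
    seen = set()
    for _ in range(max_requests):
        numbers, truncated = parse_page(fetch(params))
        fresh = set(numbers) - seen
        seen |= fresh
        if not truncated:
            return sorted(seen)
        if not fresh:
            raise RuntimeError("truncated response returned no new tickets")
        params["since_ticket_number"] = max(seen) + 1
    raise RuntimeError("gave up after max_requests truncated responses")


def constructed_fetch(all_numbers, calls, page_size=1000):
    """Offline stand-in for http_fetch that serves constructed XML."""
    def fetch(params):
        calls.append(dict(params))
        low = int(params.get("since_ticket_number", 0))
        matches = sorted(n for n in all_numbers if n >= low)
        page = matches[:page_size]
        body = "".join(f"<TICKET><NUMBER>{n:06d}</NUMBER></TICKET>" for n in page)
        notice = ""
        if len(matches) > page_size:
            notice = (f'<TRUNCATION last="{page[-1]}">'
                      "Truncated after 1,000 records</TRUNCATION>")
        return f"<REMEDIATION_TICKETS>{body}{notice}</REMEDIATION_TICKETS>".encode()
    return fetch


if __name__ == "__main__":
    log = []
    tickets = list_all_tickets({"states": "OPEN"}, constructed_fetch(range(1, 2501), log))
    print(len(tickets), "tickets in", len(log), "requests")
```

For a live run, pass fetch=lambda p: http_fetch(p, user, password) with credentials read from the environment or a secrets store rather than the script.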


Permissions - Managers can view all tickets in the subscription. Unit Managers can view 
tickets for IP addresses in the user’s same business unit. Scanners and Readers can view 
tickets for IP addresses in the user’s own account. 

Input Parameters 

Click here for ticket list input parameters 


Samples 
View Open tickets for owner:

https://qualysapi.qualys.com/msp/ticket_list.php?ticket_assignee=comp_ja&states=OPEN

View ticket number range:

https://qualysapi.qualys.com/msp/ticket_list.php?ticket_numbers=001800-002800

View tickets with severity 5 confirmed vulnerabilities:

https://qualysapi.qualys.com/msp/ticket_list.php?vuln_severities=5

View tickets that have been marked as Closed/Fixed or Closed/Ignored since June 1, 2018:

https://qualysapi.qualys.com/msp/ticket_list.php?states=CLOSED,IGNORED&modified_since_datetime=2018-06-01

List all ignored vulnerabilities in the user’s account:

https://qualysapi.qualys.com/msp/ticket_list.php?asset_groups=All&states=IGNORED

View tickets related to SSH vulnerabilities:

https://qualysapi.qualys.com/msp/ticket_list.php?vuln_title_contains=SSH&vuln_details_contains=SSH

View Invalid tickets for hosts in the “Desktops” or “Servers” asset groups:

https://qualysapi.qualys.com/msp/ticket_list.php?asset_groups=Desktops,Servers&invalid=1

View all tickets filtered by Host ID and Show Host ID:

https://qualysapi.qualys.com/msp/ticket_list.php?host_id=355311&show_host_id=1

View Overdue tickets assigned to James Adrian (comp_ja) that have not been modified
since May 30, 2018 at 16:30:00 (UTC/GMT) for vulnerabilities with a severity level of 3, 4 or
5 and to include vulnerability details in the results:

https://qualysapi.qualys.com/msp/ticket_list.php?unmodified_since_datetime=2018-05-30T16:30:00Z&vuln_severities=3,4,5&overdue=1&ticket_assignee=comp_ja&show_vuln_details=1


DTD 
<platform API server>/ticket_list_output.dtd 


Edit Tickets 
/msp/ticket_edit.php 


Edit remediation tickets in the user’s account. Multiple tickets can be edited at one time in 
bulk. Many ticket parameters are supported for selecting what tickets you'd like to edit. 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


Editing tickets can be a time intensive task, especially when batch editing many tickets. To 
ensure best performance, a maximum of 20,000 tickets can be edited in one 
ticket_edit.php request. It’s recommended best practice that you choose to schedule batch 
updates to occur when ticket processing will least impact user productivity. If the 
ticket_edit.php request identifies more than 20,000 tickets to be edited, then an error is
returned. 


Permissions - Managers can edit all tickets in the subscription. Unit Managers can edit 
tickets for IP addresses in the user’s same business unit. Scanners and Readers do not 
have permissions to edit tickets. 


Input Parameters 
Click here to view ticket parameters for selecting tickets to edit 
The following parameters are used to define the ticket data to be edited. At least one of
the following edit parameters is required. 


Parameter 


Description 


change_assignee={value}


(Optional) Used to change the ticket assignee, specified by 
user login, in all selected tickets. The assignee's account 
must have a user role other than Contact, and the hosts 
associated with the selected tickets must be in the user 
account. 


change_state={value} 


(Optional) Used to change the ticket state/status to the
specified state/status in all selected tickets. A valid value is 
OPEN (for state/status Open and Open/Reopened), 
RESOLVED (for state Resolved), or IGNORED (for 
state/status Closed/Ignored). See “Ticket State/Status 
Transitions” below for information on valid changes. 


add_comment={value} 


(Optional) Used to add a comment in all selected tickets.
The comment text may include a maximum of 2,000 
characters (ascii). 


reopen_ignored_days= 
{value} 


(Optional) Used to reopen Closed/Ignored tickets in a set
number of days. Specify the due date in N days, where N is
a number of days from today. A valid value is an integer
from 1 to 730.


When the due date is reached, the ticket state is changed 
from Closed/Ignored to Open, assuming the issue still 
exists, and the ticket is marked as overdue. If the issue was 
resolved at some point while the ticket was in the 
Closed/Ignored state, then the ticket state is changed from 
Closed/Ignored to Closed/Fixed. 


Ticket State/Status Transitions 


The Qualys remediation workflow feature is a closed loop ticketing system for remediation
management and policy compliance. Users may edit tickets to make certain ticket state
changes as shown below.


                      To State/Status
From State/Status     Open     Resolved    Closed/Ignored
Open                  valid    valid       valid
Resolved              valid    valid       valid
Closed/Ignored        valid    invalid     valid
Closed/Fixed          valid    invalid     valid

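
The edit rules in this section (required parameters, the transitions table, the 2,000-character comment limit, the 1 to 730 day range) can be checked before a bulk request is sent. This is an added example, not Qualys code: check_edit_request and build_edit_request are hypothetical names, and the transition check only covers states named in the states selector.

```python
"""Pre-flight checks for a /msp/ticket_edit.php request body."""
import re
import urllib.parse

# Ticket selection parameters and edit parameters as listed in this guide.
SELECTORS = {
    "ticket_numbers", "since_ticket_number", "until_ticket_number",
    "ticket_assignee", "overdue", "invalid", "states",
    "modified_since_datetime", "unmodified_since_datetime", "ips",
    "asset_groups", "dns_contains", "netbios_contains", "host_id",
    "vuln_severities", "potential_vuln_severities", "qids",
    "vuln_title_contains", "vuln_details_contains", "vendor_ref_contains",
}
EDITS = {"change_assignee", "change_state", "add_comment", "reopen_ignored_days"}

# From-state code -> target codes the transitions table marks valid.
# CLOSED is Closed/Fixed, IGNORED is Closed/Ignored.
ALLOWED = {
    "OPEN": {"OPEN", "RESOLVED", "IGNORED"},
    "RESOLVED": {"OPEN", "RESOLVED", "IGNORED"},
    "IGNORED": {"OPEN", "IGNORED"},
    "CLOSED": {"OPEN", "IGNORED"},
}
DATETIME = re.compile(r"\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}Z)?")


def check_edit_request(selectors, edits):
    """Return a list of rule violations; an empty list means well formed."""
    problems = []
    unknown = (set(selectors) - SELECTORS) | (set(edits) - EDITS)
    if unknown:
        problems.append(f"unknown parameter(s): {sorted(unknown)}")
    if not selectors:
        problems.append("at least one ticket selection parameter is required")
    if not edits:
        problems.append("at least one edit parameter is required")
    for name, value in selectors.items():
        text = str(value)
        if name.endswith("_datetime") and not DATETIME.fullmatch(text):
            problems.append(f"{name} must be YYYY-MM-DD[THH:MM:SSZ]")
        if name.endswith("_contains") and (len(text) > 100 or not text.isascii()):
            problems.append(f"{name} is limited to 100 ASCII characters")
    if len(str(selectors.get("qids", "")).split(",")) > 10:
        problems.append("at most 10 QIDs may be specified")
    target = edits.get("change_state")
    if target is not None and target not in ("OPEN", "RESOLVED", "IGNORED"):
        problems.append("change_state must be OPEN, RESOLVED or IGNORED")
    elif target is not None:
        # Only states named in the selector can be checked here; without a
        # states selector the service decides per ticket.
        for state in str(selectors.get("states", "")).split(","):
            state = state.strip()
            if state in ALLOWED and target not in ALLOWED[state]:
                problems.append(f"{state} -> {target} is not a valid transition")
    comment = edits.get("add_comment")
    if comment is not None and (len(comment) > 2000 or not comment.isascii()):
        problems.append("add_comment is limited to 2,000 ASCII characters")
    days = edits.get("reopen_ignored_days")
    if days is not None and not (isinstance(days, int) and 1 <= days <= 730):
        problems.append("reopen_ignored_days must be an integer from 1 to 730")
    return problems


def build_edit_request(selectors, edits):
    """Return the form-encoded POST body, or raise ValueError listing violations."""
    problems = check_edit_request(selectors, edits)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.parse.urlencode({**selectors, **edits}, safe=",:")


if __name__ == "__main__":
    print(build_edit_request({"states": "OPEN", "asset_groups": "New York,London"},
                             {"change_state": "IGNORED"}))
    print(check_edit_request({"states": "CLOSED,IGNORED"}, {"change_state": "RESOLVED"}))
```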
Samples 


Edit ticket and add comment:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d
"ticket_numbers=23456&add_comment=Host+patched,+ready+for+re-scan"
"https://qualysapi.qualys.com/msp/ticket_edit.php?"

Edit multiple tickets to change the ticket owner to Alice Cook (acme_ac) for tickets since
ticket number #00215555 (tickets with numbers greater than or equal to #00215555) which
are marked invalid:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d
"since_ticket_number=00215555&invalid=1&change_assignee=acme_ac"
"https://qualysapi.qualys.com/msp/ticket_edit.php?"

Edit Open tickets on IP addresses in asset groups “New York” and “London” and change the
ticket state to Ignored:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d
"states=OPEN&asset_groups=New+York,London&change_state=IGNORED"
"https://qualysapi.qualys.com/msp/ticket_edit.php?"

Edit Open tickets unmodified since August 1, 2017 that are assigned to Tim Burke
(acme_tb) and change the ticket assignee to Alice Cook (acme_ac):

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d
"states=OPEN&unmodified_since_datetime=2017-08-01&ticket_assignee=acme_tb&change_assignee=acme_ac"
"https://qualysapi.qualys.com/msp/ticket_edit.php?"

Reopen all Closed/Ignored tickets on host 10.10.10.120 in 7 days:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d
"ips=10.10.10.120&reopen_ignored_days=7"
"https://qualysapi.qualys.com/msp/ticket_edit.php?"


DTD 
<platform API server>/ticket_edit_output.dtd 


Delete Tickets 
/msp/ticket_delete.php 


Delete remediation tickets in the user’s account. Multiple tickets can be deleted at one
time in bulk. Many ticket parameters are supported for selecting what tickets you’d like to
edit.


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 
Deleting tickets can be a time intensive task, especially when batch deleting many tickets.
To ensure best performance, a maximum of 20,000 tickets can be deleted in one
ticket_delete.php request. It’s recommended best practice that you choose to schedule
batch updates to occur when ticket processing will least impact user productivity. If the
ticket_delete.php request identifies more than 20,000 tickets to be deleted, then an error is
returned.


Permissions - Managers can delete all tickets in the subscription. Unit Managers can 
delete tickets for IP addresses in their same business unit. Scanners and Readers have no 
permissions to delete tickets. 


Input Parameters 
Click here to view ticket parameters for selecting tickets to delete 


Samples 

Delete certain ticket number:

https://qualysapi.qualys.com/msp/ticket_delete.php?ticket_numbers=2487

Delete tickets between ticket #001000 and ticket #002500:

https://qualysapi.qualys.com/msp/ticket_delete.php?since_ticket_number=1000&until_ticket_number=2500

Delete Closed/Fixed tickets owned by James Adrian (comp_ja):

https://qualysapi.qualys.com/msp/ticket_delete.php?states=CLOSED&ticket_assignee=comp_ja

Delete tickets on vulnerabilities with an assigned severity level of 1 and potential
vulnerabilities with an assigned severity level of 1-3:

https://qualysapi.qualys.com/msp/ticket_delete.php?vuln_severities=1&potential_vuln_severities=1,2,3

Delete Overdue tickets assigned to James Adrian (comp_ja) that have not been modified
since July 01, 2018 at 12:00:00 (UTC/GMT):

https://qualysapi.qualys.com/msp/ticket_delete.php?unmodified_since_datetime=2018-07-01T12:00:00Z&overdue=1&ticket_assignee=comp_ja


DTD 
<platform API server>/ticket_delete_output.dtd 
View Deleted Ticket List
/msp/ticket_list_deleted.php 


View deleted tickets in the user’s account. This function may be run by Managers. The 
functionality provided allows for real-time integration with third-party applications. 


Basic HTTP authentication is required. Session based authentication is not supported 
using this API. 


The XML results returned by the ticket_list_deleted.php function identify deleted tickets
by ticket number and deletion date/time.


A maximum of 1,000 deleted tickets can be returned from a single ticket_list_deleted.php 
request. If this maximum is reached, the function returns a “Truncated after 1,000 
records” message at the end of the XML report with the last ticket number included. 


Permissions - Manager user role is required. 


Input Parameters 


All parameters are optional. At least one parameter is required. Multiple parameters are 
combined with a logical “and”. 


Parameter Description

ticket_numbers={nnn,nnn-nnn,...}
(Optional) Specifies certain ticket numbers. Specify one or more ticket numbers
and/or ranges. Ticket range start and end is separated by a dash (-). Multiple
entries are comma separated.

since_ticket_number={value}
(Optional) Specifies tickets since a certain ticket number. Specify the lowest
ticket number to be selected. Selected tickets will have numbers greater than or
equal to the ticket number specified.

until_ticket_number={value}
(Optional) Specifies tickets until a certain ticket number. Specify the highest
ticket number to be selected. Selected tickets will have numbers less than or
equal to the ticket number specified.

deleted_since_datetime={value}
(Optional) Specifies tickets deleted since a certain date/time. Specify a date
(required) and time (optional) to identify this timeframe. Tickets deleted on or
after the date/time are selected.
date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT) like
“2006-01-01” or “2006-05-25T23:12:00Z”.

deleted_before_datetime={value}
(Optional) Specifies tickets deleted before a certain date/time. Specify a date
(required) and time (optional) to identify this timeframe. Tickets deleted on or
before the date/time are selected.
date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT) like
“2006-01-01” or “2006-05-25T23:12:00Z”.


Samples 
View tickets deleted in ticket number range:

https://qualysapi.qualys.com/msp/ticket_list_deleted.php?ticket_numbers=120-200

View tickets deleted since ticket number:

https://qualysapi.qualys.com/msp/ticket_list_deleted.php?since_ticket_number=400

View tickets deleted since date:

https://qualysapi.qualys.com/msp/ticket_list_deleted.php?deleted_since_datetime=2018-01-01


DTD 
<platform API server>/ticket_list_deleted_output.dtd 


Get Ticket Information 
/msp/get_tickets.php 


View remediation ticket information from the user’s account that can be integrated with 
third-party applications. Only remediation tickets that the user has permission to view are 
returned in the resulting ticket information report. 


Basic HTTP authentication is required. Session based authentication is not supported
using this API.

Qualys recommends that you run the get_tickets.php function two times a day, so that
ticket updates due to the latest scan results and user productivity are made available in
the ticket information reports.


Permissions - Managers can view all tickets in subscription. Unit Managers can view 
tickets for IP addresses in their same business unit. Scanners and Readers can view tickets 
for IP addresses in their own account. 


Input Parameters 


Parameter Description

ticket_numbers={nnn,nnn,...}
(Optional) Specifies ticket numbers for which ticket information will be
retrieved. Ticket numbers are integers, assigned by the service
automatically. A maximum of 1,000 ticket numbers may be specified. Multiple
ticket numbers are comma separated.
This parameter or since must be specified.

since={value}
(Optional) Specifies the start date/time of the time window for retrieving
tickets. Only tickets that have been updated within this time window will be
retrieved. The end date/time of the time window for retrieving tickets is
the date/time when get_tickets.php is run.
The start date/time is specified in YYYY-MM-DDTHH:MM:SSZ format (UTC/GMT),
like “2005-01-10T02:33:11Z”.
This parameter or ticket_numbers must be specified.

state={value}
(Optional) Specifies the current state of tickets to be retrieved. A valid
value is OPEN, RESOLVED, or CLOSED. If unspecified, tickets with all states
are retrieved.

vuln_details={0|1}
(Optional) Specifies whether vulnerability details will be retrieved.
Vulnerability details include a description of the threat posed by the
vulnerability, the impact if it is exploited, a verified solution, and in
some cases test results returned by the scanning engine.
By default, vulnerability details will not be retrieved. To retrieve
vulnerability details, specify vuln_details=1.


Samples 


Retrieve remediation tickets that have been updated since July 1, 2018 at
1:00:00 AM (UTC/GMT) and that have any state (Open, Resolved, or Closed):

https://qualysapi.qualys.com/msp/get_tickets.php?since=2018-07-01T01:00:00Z

Retrieve remediation tickets 002737, 002738, and 002740 with vulnerability details:

https://qualysapi.qualys.com/msp/get_tickets.php?ticket_numbers=002737,002738,002740&vuln_details=1


DTD 
<platform API server>/remediation_tickets.dtd 


Set Vulnerabilities to Ignore on Hosts 
/api/2.0/fo/ignore_vuln/index.php 


The ignore_vuln/index.php function is used to ignore or restore (un-ignore) vulnerabilities 
on certain hosts. The ignore status applies to a vulnerability/host pair. Vulnerabilities can 
be set to ignore on hosts so that they do not appear in automatic scan reports, host 
information reports, asset search reports as well as other views in the Qualys user 
interface. 


Both Vulnerabilities and Potential Vulnerabilities may be set to the ignore status on hosts 
in the user’s account. Information Gathered issues cannot be set to the ignore status. Note 
that the following QIDs cannot be set to ignore: 38175 (Unauthorized Service Detected), 
82043 (Unauthorized Open Port Detected), 38228 (Required Service Not Detected) and 
82051 (Required Port Not Detected). 


When making an ignore_vuln/index.php request, you must specify QIDs (up to 10) and 
target hosts. Host selection parameters allow you to specify hosts by IP address, asset 
group, asset tag, DNS host name or NetBIOS host name. 


Target Hosts 


A vulnerability can be set to ignore/restore only on hosts with scan results. If a host was 
previously scanned and then purged, the scan results are removed and no longer 
available. In this case an ignore vulnerability request will have no effect until a re-scan 
populates the host with fresh scan results. 


The ignore/restore request applies to the target hosts at the time of the request. For
example, if you specify an ignore action on asset groups, the request applies to the
IP addresses in the asset groups at the time of the request. Subsequently, if an asset group
is updated with new IP addresses, the new IPs are not set to the ignore status.


Ignored Status and Tickets 


The ignore/restore actions have an effect on remediation tickets in the user account.
When you set the ignore status for vulnerabilities on hosts, the service closes associated
remediation tickets with the ticket state/status of Closed/Ignored. If no ticket exists, a new
one will be created and closed automatically for tracking purposes as Closed/Ignored.
When you restore vulnerabilities on hosts, the service automatically reopens the
associated tickets and sets them to Open/Reopened.



The ticket_list.php function allows you to list tickets in the user account and this
information could be useful for taking actions using ignore_vuln/index.php. For
example, you could use ticket_list.php to find tickets on certain QIDs in the
Closed/Ignored state and then use the information returned to make
ignore_vuln/index.php requests to restore vulnerabilities on certain hosts.


Permissions 
User permissions for the ignore_vuln/index.php function are described below. 


User Role       Permissions

Manager         Ignore/Restore vulnerabilities and potential vulnerabilities
                on all hosts in subscription.

Unit Manager    Ignore/Restore vulnerabilities and potential vulnerabilities
                on hosts in user's business unit.

Scanner         Ignore/Restore vulnerabilities and potential vulnerabilities
                on hosts in user's account, when a certain remediation
                policy option is enabled. *

Reader          Ignore/Restore vulnerabilities and potential vulnerabilities
                on hosts in user's account, when a certain remediation
                policy option is enabled. *


* Scanners and Readers have permission to ignore/restore vulnerabilities when the option 
“Allow Scanners and Readers to mark tickets as Closed/Ignored” is enabled in the 
QualysGuard user interface. A Manager can edit this setting for the subscription. See the 
QualysGuard online help for information. 


Input Parameters 


The parameters for ignore_vuln/index.php are described below.

The request parameters are below:


Parameter Description

action=ignore|restore
A flag indicating an ignore or restore request. When unspecified, the action
is set to “ignore”. Specify “restore” to restore (un-ignore) vulnerabilities.
Ignore request: Optional
Restore request: Required

qids={qid,qid,...}
(Required) Specifies the QIDs (Qualys IDs) to ignore/restore. A maximum of
10 QIDs may be specified. Multiple QIDs are comma separated.

comments={value}
(Required) Specify comments for the action. The comments may include a
maximum of 255 characters. Comments are stored with ignored vulnerabilities,
and are visible to users in the Qualys user interface.

reopen_ignored_days={value}
(Optional) Set to reopen ignored vulnerabilities that are detected after a
number of days (1-730). If the ignored vulnerability is reopened by the
service, the corresponding ticket’s state/status is changed from
Closed/Ignored to Open/Reopened.

reopen_ignored_date={date}
(Optional) Set to reopen ignored vulnerabilities that are detected after a
specified date. If the ignored vulnerability is reopened by the service, the
corresponding ticket’s state/status is changed from Closed/Ignored to
Open/Reopened.


The host parameters mentioned below are optional and mutually exclusive (only one may 
be specified per request). At least one parameter must be specified. 


Parameter 


Description 


asset_groups={ag1,ag2,...}


(Optional) Selects hosts by asset group. The hosts included 
in the one or more asset groups provided are selected. A 
maximum of 5 asset group titles may be specified. The 
asset group title “All” as defined in the Qualys user 
interface may be specified. Multiple asset groups are 
comma separated. 


This parameter or another host selection parameter is 
required. 


ips={nnn, nnn-nnn....} 


(Optional) Selects hosts by IP address. Enter one or more 
IP addresses and/or ranges. Multiple entries are comma 

separated. The parameter value may include a maximum 
of 512 characters (ascii). 


This parameter or another host selection parameter is 
required. 


network_id={value} 


(Optional) Only valid when the networks feature is 
enabled. The network ID for the record. 


This parameter or another host selection parameter is 
required. 


tag_set_include={value} 


(Optional) Specify a tag set to include. Hosts that match 
these tags will be included. You identify the tag set by 
providing tag name or IDs. Multiple entries are comma 
separated. 


This parameter or another host selection parameter is 
required. 


tag_set_exclude={value} 


(Optional) Specify a tag set to exclude. Hosts that match 
these tags will be excluded. You identify the tag set by 
providing tag name or IDs. Multiple entries are comma 
separated. 


This parameter or another host selection parameter is
required.


tag_set_by={id|name}


(Optional) Specify “id” (the default) to select a tag set by 
providing tag IDs. Specify “name” to select a tag set by 
providing tag names. 


This parameter or another host selection parameter is 
required. 


tag_include_selector={all|any}


(Optional) Select “any” (the default) to include hosts that 
match at least one of the selected tags. Select “all” to 
include hosts that match all of the selected tags. 


This parameter or another host selection parameter is 
required. 


tag_exclude_selector={all|any}


(Optional) Select “any” (the default) to exclude hosts that 
match at least one of the selected tags. Select “all” to 
exclude hosts that match all of the selected tags. 


This parameter or another host selection parameter is 
required. 


use_ip_nt_range_tags_include={0|1}


(Optional) Specify “0” (the default) to select from all tags 
(tags with any tag rule). Specify “1” to scan all IP addresses 
defined in tag selection. When this is specified, only tags 
with the dynamic IP address rule called “IP address in 
Network Range(s)” can be selected. 


This parameter or another host selection parameter is 
required. 


use_ip_nt_range_tags_exclude={0|1}


(Optional) Specify “0” (the default) to select from all tags 
(tags with any tag rule). Specify “1” to exclude all IP 
addresses defined in tag selection. When this is specified, 
only tags with the dynamic IP address rule called “IP 
address in Network Range(s)” can be selected. 


This parameter or another host selection parameter is 
required. 


dns_contains={value} 


(Optional) Selects hosts by DNS host name. Specify a text 
string contained in one or more DNS host names. The text 
string may include a maximum of 100 characters (ascii). 


This parameter or another host selection parameter is 
required. 


netbios_contains={value} 


(Optional) Selects hosts by NetBIOS host name. Specify a 
text string contained in one or more NetBIOS host names. 
The text string may include a maximum of 100 characters 
(ascii). 


This parameter or another host selection parameter is
required.


Samples 


To ignore QID 19070 “MS-SQL 8.0 UDP Slammer Worm Buffer Overflow Vulnerability” for
the hosts in asset group “New York”, use a URL like this:

https://qualysapi.qualys.com/api/2.0/fo/ignore_vuln/index.php?action=ignore&qids=19070&asset_groups=New+York&comments=security+policy

To restore (un-ignore) QIDs 90305 and 100035 on IP address 10.10.10.33 and IP range
10.10.10.100-10.10.10.120, use a URL like this:

https://qualysapi.qualys.com/api/2.0/fo/ignore_vuln/index.php?action=restore&qids=90305,100035&ips=10.10.10.33,10.10.10.100-10.10.10.120&comments=request+by+GStevenson

If there are ignored vulnerabilities in your account, you can list all ignored vulnerabilities
in the account using the ticket_list.php function as shown in the following URL:

https://qualysapi.qualys.com/msp/ticket_list.php?asset_groups=All&states=IGNORED


DTD 
<platform API server>/api/2.0/dtd/fo/ignore_vuln_output.dtd 
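
The limits stated for ignore_vuln/index.php (1 to 10 QIDs, required comments of at most 255 characters, one host selection parameter per request, the four QIDs that cannot be ignored) can be checked on the client before a suppression request is sent. The Python code below is an added example, not Qualys code: the function and exception names are hypothetical, and it handles only the asset_groups, ips, dns_contains and netbios_contains selectors.

```python
import ipaddress
from urllib.parse import urlencode

# QIDs this section lists as never ignorable.
NON_IGNORABLE_QIDS = {38175, 82043, 38228, 82051}
# Host selectors handled by this example (tag and network selection are left out).
HOST_SELECTORS = ("asset_groups", "ips", "dns_contains", "netbios_contains")
# Documented length limits, in ASCII characters.
LENGTH_LIMITS = {"ips": 512, "dns_contains": 100, "netbios_contains": 100}


class IgnoreVulnError(ValueError):
    """A request that breaks one of the documented limits."""


def _check_ip_entry(entry):
    """Accept one address or a low-high range, as used by the ips parameter."""
    try:
        addrs = [ipaddress.ip_address(p.strip()) for p in entry.split("-")]
    except ValueError as exc:
        raise IgnoreVulnError(f"bad IP entry {entry!r}: {exc}") from None
    if len(addrs) > 2:
        raise IgnoreVulnError(f"bad IP range {entry!r}")
    if len(addrs) == 2 and (addrs[0].version != addrs[1].version
                            or addrs[0] > addrs[1]):
        raise IgnoreVulnError(f"IP range {entry!r} is reversed or mixed")


def build_ignore_vuln_body(qids, comments, action="ignore",
                           reopen_ignored_days=None, **selector):
    """Return the urlencoded request parameters, or raise IgnoreVulnError."""
    if action not in ("ignore", "restore"):
        raise IgnoreVulnError("action must be 'ignore' or 'restore'")

    qids = [int(q) for q in qids]
    if not 1 <= len(qids) <= 10:
        raise IgnoreVulnError("between 1 and 10 QIDs are allowed per request")
    blocked = sorted(NON_IGNORABLE_QIDS.intersection(qids))
    if action == "ignore" and blocked:
        raise IgnoreVulnError(f"QIDs that cannot be ignored: {blocked}")

    # Comments are the audit trail shown in the UI, so they are mandatory.
    if not comments or len(comments) > 255:
        raise IgnoreVulnError("comments are required (255 characters at most)")

    unknown = sorted(set(selector) - set(HOST_SELECTORS))
    if unknown:
        raise IgnoreVulnError(f"unsupported host selector(s): {unknown}")
    chosen = [name for name, value in selector.items() if value]
    if len(chosen) != 1:
        raise IgnoreVulnError("exactly one host selection parameter is needed")
    name, value = chosen[0], selector[chosen[0]]

    if name in ("asset_groups", "ips"):
        entries = value.split(",") if isinstance(value, str) else list(value)
        if name == "asset_groups" and len(entries) > 5:
            raise IgnoreVulnError("at most 5 asset group titles are allowed")
        if name == "ips":
            for entry in entries:
                _check_ip_entry(entry)
        value = ",".join(e.strip() for e in entries)
    limit = LENGTH_LIMITS.get(name)
    if limit and (len(value) > limit or not value.isascii()):
        raise IgnoreVulnError(f"{name} is limited to {limit} ASCII characters")

    params = {"action": action, "qids": ",".join(map(str, qids)),
              name: value, "comments": comments}
    if reopen_ignored_days is not None:
        days = int(reopen_ignored_days)
        if not 1 <= days <= 730:
            raise IgnoreVulnError("reopen_ignored_days must be 1-730")
        params["reopen_ignored_days"] = days
    # Keep commas literal so the result matches the sample URLs above.
    return urlencode(params, safe=",")


if __name__ == "__main__":
    print(build_ignore_vuln_body([19070], "security policy",
                                 asset_groups="New York"))
```

Called with the values from the two sample URLs above, the function returns the same query strings those URLs carry.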
Compliance


Manage compliance policies, exceptions and reports. Policy Compliance (PC) is required. 
Compliance Control List 

Compliance Policy List 

Compliance Policy - Export 

Compliance Policy - Import 


Compliance Policy - Merge 


Compliance Policy - Manage Asset Groups 
Compliance Posture Information 


PC Posture Streaming APIs 


Exceptions 

SCAP Cyberscope Report 
SCAP ARF Report 

SCAP Policy List


Compliance Control List
/api/2.0/fo/compliance/control/?action=list 
[GET] [POST] 


View a list of compliance controls which are visible to the user. Controls in the XML output 
are sorted by control ID in ascending order. Optional input parameters support filtering 
the list. 


Using the Qualys user interface, it’s possible to customize the list of frameworks at the 
subscription level. Under PC, go to Policies > Setup > Frameworks to customize the 
frameworks list. If the frameworks list is customized for your subscription, then the 
customized list of frameworks will appear in the controls list output returned by a control 
list API request. 


Permissions 


Note: The Compliance Control APIs are available as part of one of the following 
subscription combinations only: 


- PC and API add-on 
- PC, SCA, and API add-on 
- VMDR, SCA, and API add-on 


Users with PC enabled have the ability to view compliance controls. 


Maximum Controls per API Request 


The output of the Compliance Control API is paginated. By default, a maximum of 1,000
control records are returned per request. You can customize the page size (i.e. the number
of control records) by using the parameter “truncation_limit=2000” for instance. In this
case the results will be returned in pages of 2,000 records.


Input Parameters 


Parameter Description

action=list
(Required)

echo_request={0|1}
(Optional) Show (echo) the request input parameters (names and values) in
the XML output. When not specified, parameters are not included in the XML
output. Specify 1 to view parameters in the XML output.


details={Basic|All|None} 


(Optional) Show the requested amount of information for each 
control. A valid value is: 


None - show control ID only 


Basic (default) - show control ID and basic control information: 
the control category, sub-category, statement, and technology 
information 


All - show control ID, basic control information, and framework 
mappings 


ids={value} 


(Optional) Show only certain control IDs and/or ID ranges. 
Multiple entries are comma separated. One or more control 
IDs/ranges may be specified. A control ID range entry is specified 
with a hyphen (for example, 3000-3250). Valid control IDs are 
required. 


id_min={value} 


(Optional) Show only controls which have a minimum control ID 
value. A valid control ID is required. 


id_max={value} 


(Optional) Show only controls which have a maximum control ID 
value. A valid control ID is required. 


updated_after_datetime={value}


(Optional) Show only controls updated after a certain date/time.
See “Date Filters” below.


created_after_datetime={value}


(Optional) Show only controls created after a certain date/time.
See “Date Filters” below.


truncation_limit={value} 


(Optional) The maximum number of control records processed 
per request. When not specified, the truncation limit is set to 
1,000 host records. You may specify a value less than the default 
(1-999) or greater than the default (1001-1000000). 


If the requested list identifies more records than the truncation 
limit, then the XML output includes the <WARNING> element 
and the URL for making another request for the next batch of 
records. 


You can specify truncation_limit=0 for no truncation limit. This 
means that the output is not paginated and all the records are 
returned in a single output. WARNING: This can generate very 
large output and processing large XML files can consume a lot of 
resources on the client side. In this case it is recommended to use 
the pagination logic and parallel processing. The previous page 
can be processed while the next page is being downloaded. 


Date Filters 


The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like
“2010-03-01” or “2010-03-01T23:12:00Z”.


If you specify a date but no time as for example 2010-03-01, then the service
automatically sets the time to 2010-03-01T00:00:00Z (the start of the day).

When date filters are specified using both input parameters for a single API request, both
date filters are satisfied (ANDed).

DTD 

<platform API server>/api/2.0/fo/compliance/control/control_list_output.dtd 
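
The pagination behaviour described under truncation_limit (a <WARNING> element carrying the URL of the next batch) can be consumed page by page instead of disabling truncation. The Python code below is an added example, not Qualys code: the function names, the WARNING/URL child element layout, the continuation URL and control 1048 are assumptions or constructed sample data, and `fetch` stands for whatever authenticated HTTPS call the client uses.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

BASE = "https://qualysapi.qualys.com/api/2.0/fo/compliance/control/"
FIRST_URL = BASE + "?action=list&truncation_limit=2"
NEXT_URL = FIRST_URL + "&id_min=1046"      # constructed continuation URL


def make_control(cid, category, statement, technologies):
    """Constructed <CONTROL> record in the layout of the guide's sample."""
    techs = "".join(f"<TECHNOLOGY><ID>{i}</ID><NAME>{n}</NAME></TECHNOLOGY>"
                    for i, n in technologies)
    return (f"<CONTROL><ID>{cid}</ID><CATEGORY>{category}</CATEGORY>"
            f"<STATEMENT><![CDATA[{statement}]]></STATEMENT>"
            f"<TECHNOLOGY_LIST>{techs}</TECHNOLOGY_LIST></CONTROL>")


def make_page(controls, next_url=None):
    """Constructed page; WARNING/URL is the assumed place of the next-batch link."""
    warning = ""
    if next_url:
        warning = f"<WARNING><URL><![CDATA[{next_url}]]></URL></WARNING>"
    body = "".join(controls)
    return ('<?xml version="1.0" encoding="UTF-8" ?>\n'
            f'<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM "{BASE}control_list_output.dtd">\n'
            "<CONTROL_LIST_OUTPUT><RESPONSE>"
            "<DATETIME>2010-03-16T22:53:05Z</DATETIME>"
            f"<CONTROL_LIST>{body}</CONTROL_LIST>{warning}"
            "</RESPONSE></CONTROL_LIST_OUTPUT>").encode("utf-8")


SAMPLE_PAGES = {   # constructed responses keyed by request URL
    FIRST_URL: make_page([
        make_control(1044, "Access Control Requirements",
                     "Status of the 'O7_DICTIONARY_ACCESSIBILITY' setting in "
                     "init.ora (ORACLE Data Dictionary)",
                     [(7, "Oracle 9i"), (8, "Oracle 10g")]),
        make_control(1045, "OS Security Settings",
                     "Status of the 'Clipbook' service (Guidance = Disabled)",
                     [(1, "Windows XP desktop")])], NEXT_URL),
    NEXT_URL: make_page([
        make_control(1048, "OS Security Settings", "constructed control",
                     [(12, "Windows 2000")])]),
}


def parse_control_page(xml_bytes):
    """Return (controls, next_url) for one page of control list output."""
    # ElementTree reads the DOCTYPE line but does not fetch the external DTD.
    root = ET.fromstring(xml_bytes)
    if root.tag != "CONTROL_LIST_OUTPUT":
        raise ValueError(f"unexpected root element {root.tag!r}")
    controls = []
    for node in root.iterfind("RESPONSE/CONTROL_LIST/CONTROL"):
        controls.append({
            "id": int(node.findtext("ID")),
            "category": node.findtext("CATEGORY", default=""),
            "statement": (node.findtext("STATEMENT") or "").strip(),
            "technologies": [t.findtext("NAME") for t in
                             node.iterfind("TECHNOLOGY_LIST/TECHNOLOGY")],
        })
    next_url = (root.findtext("RESPONSE/WARNING/URL") or "").strip()
    return controls, next_url or None


def iter_controls(fetch, first_url, max_pages=1000):
    """Yield every control, following next-batch URLs one page at a time."""
    origin = urlsplit(first_url)
    if origin.scheme != "https":
        raise ValueError("the API must be called over https")
    url, seen = first_url, set()
    while url:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("pagination loop or page limit reached")
        seen.add(url)
        controls, next_url = parse_control_page(fetch(url))
        if next_url:
            nxt = urlsplit(next_url)
            # Credentials go out with every request: never follow a link
            # that leaves the host the first request was sent to.
            if (nxt.scheme, nxt.netloc) != (origin.scheme, origin.netloc):
                raise ValueError(f"next-batch URL leaves {origin.netloc}")
        yield from controls
        url = next_url


if __name__ == "__main__":
    for control in iter_controls(SAMPLE_PAGES.__getitem__, FIRST_URL):
        print(control["id"], control["technologies"])
```

Only one page is held in memory at a time, which is the client-side cost the truncation_limit=0 warning above is about.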


Sample - Control List Output
This sample control list output was produced for CID 1044 with details=Basic.


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2010-03-16T22:53:05Z</DATETIME>
    <CONTROL_LIST>
      <CONTROL>
        <ID>1044</ID>
        <UPDATE_DATE>2010-02-12T00:00:00Z</UPDATE_DATE>
        <CREATED_DATE>2007-10-12T00:00:00Z</CREATED_DATE>
        <CATEGORY>Access Control Requirements</CATEGORY>
        <SUB_CATEGORY><![CDATA[Authorizations (Multi-user
ACL/role)]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[Status of the
'O7_DICTIONARY_ACCESSIBILITY' setting in init.ora (ORACLE Data
Dictionary)]]></STATEMENT>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>7</ID>
            <NAME>Oracle 9i</NAME>
            <RATIONALE><![CDATA[The "O7_DICTIONARY_ACCESSIBILITY"
setting allows control/restrictions to be placed on the user's
SYSTEM privileges. If this parameter is set to TRUE, SYS schema
access will be allowed, which is the default for Oracle operations.
Restricting this system privilege with a setting of FALSE will
allow users or roles granted SELECT ANY TABLE access to objects in
the normal schema, but disallow access to objects in the SYS
schema, unless access is specifically granted.]]></RATIONALE>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>8</ID>
            <NAME>Oracle 10g</NAME>
            <RATIONALE><![CDATA[The "O7_DICTIONARY_ACCESSIBILITY"
setting allows control/restrictions to be placed on the user's
SYSTEM privileges. If this parameter is set to TRUE, SYS schema
access will be allowed, which is the default for Oracle operations.
Restricting this system privilege with a setting of FALSE will
allow users or roles granted SELECT ANY TABLE access to objects in
the normal schema, but disallow access to objects in the SYS
schema, unless access is specifically granted.]]></RATIONALE>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>9</ID>
            <NAME>Oracle 11g</NAME>
            <RATIONALE><![CDATA[The "O7_DICTIONARY_ACCESSIBILITY"
setting allows control/restrictions to be placed on the user's
SYSTEM privileges. If this parameter is set to TRUE, SYS schema
access will be allowed, which is the default for Oracle operations.
Restricting this system privilege with a setting of FALSE will
allow users or roles granted SELECT ANY TABLE access to objects in
the normal schema, but disallow access to objects in the SYS
schema, unless access is specifically granted.]]></RATIONALE>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
      <CONTROL>
        <ID>1045</ID>
        <UPDATE_DATE>2010-03-03T00:00:00Z</UPDATE_DATE>
        <CREATED_DATE>2007-10-12T00:00:00Z</CREATED_DATE>
        <CATEGORY>OS Security Settings</CATEGORY>
        <SUB_CATEGORY><![CDATA[System Settings (OSI layers 6-7)]]>
        </SUB_CATEGORY>
        <STATEMENT><![CDATA[Status of the 'Clipbook' service
(Guidance = Disabled)]]></STATEMENT>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>1</ID>
            <NAME>Windows XP desktop</NAME>
            <RATIONALE><![CDATA[The 'Clipbook' service is used to
transfer Clipboard information across the LAN and is sent in clear
text. The authentication required is a holdover from the 16-bit
"Network Dynamic Data Exchange' protocol, which is a 'network'
password among systems sharing the LAN, with a default set allow
READ for EVERYONE that has network access. As this Windows service
is not required for any other system operations and increases
system vulnerability it should be disabled unless there is a
demonstrated need for its use set by the business.]]></RATIONALE>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>2</ID>
            <NAME>Windows 2003 Server</NAME>
            <RATIONALE><![CDATA[The 'Clipbook' service is used to
transfer Clipboard information across the LAN and is sent in clear
text. The authentication required is a holdover from the 16-bit
"Network Dynamic Data Exchange' protocol, which is a 'network'
password among systems sharing the LAN, with a default set allow
READ for EVERYONE that has network access. As this Windows service
is not required for any other system operations and increases
system vulnerability it should be disabled unless there is a
demonstrated need for its use set by the business.]]></RATIONALE>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>12</ID>
            <NAME>Windows 2000</NAME>
            <RATIONALE><![CDATA[The 'Clipbook' service is used to
transfer Clipboard information across the LAN and is sent in clear
text. The authentication required is a holdover from the 16-bit
"Network Dynamic Data Exchange' protocol, which is a 'network'
password among systems sharing the LAN, with a default set allow
READ for EVERYONE that has network access. As this Windows service
is not required for any other system operations and increases
system vulnerability it should be disabled unless there is a
demonstrated need for its use set by the business.]]></RATIONALE>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
    </CONTROL_LIST>
  </RESPONSE>
</CONTROL_LIST_OUTPUT>

Updates you'll see once Agent UDC support is available 


New Agent UDC Support will be announced soon via the Qualys Technology blog once 
remaining components are released. 


The XML output may include the USE_AGENT_ONLY element for these Windows and Unix
control types: Directory Search Control and Directory Integrity Control. This is set to 1
when the “Use agent scan only” option is enabled for the control.


The XML output may include the AUTO_UPDATE element for these Windows and Unix
control types: File Integrity Control and Directory Integrity Control. This is set to 1 when
the “Auto update expected value” option is enabled for the control.


An option to disable case-sensitive search in Unix agent UDCs (Directory Search and
Directory Integrity) is available. Once the <DISABLE_CASE_SENSITIVE_SEARCH>
parameter is enabled (true), the search result lists all possible combinations of the file
name in upper and/or lower case. By default, this option is disabled (false), which lists
results with case-sensitive file names.


Sample - Control List Output when Agent UDC Support is available


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-10-05T10:23:54Z</DATETIME>
    <CONTROL_LIST>
      <CONTROL>
        <ID>100023</ID>
        <UPDATE_DATE>2018-11-16T06:27:14Z</UPDATE_DATE>
        <CREATED_DATE>2018-11-16T06:27:14Z</CREATED_DATE>
        <CATEGORY>Access Control Requirements</CATEGORY>
        <SUB_CATEGORY><![CDATA[Account Creation/User
Management]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[Directory Integrity Check]]></STATEMENT>
        <CRITICALITY>
          <LABEL><![CDATA[SERIOUS]]></LABEL>
          <VALUE>3</VALUE>
        </CRITICALITY>
        <CHECK_TYPE><![CDATA[Windows Directory Integrity
Check]]></CHECK_TYPE>
        <COMMENT><![CDATA[test]]></COMMENT>
        <USE_AGENT_ONLY>1</USE_AGENT_ONLY>
        <AUTO_UPDATE>1</AUTO_UPDATE>
        <IGNORE_ERROR>0</IGNORE_ERROR>
        <CRITICALITY>


Database UDC for MS SQL, Oracle, Sybase, PostgreSQL/Pivotal Greenplum, SAP IQ, and IBM DB2

You can create custom controls for MSSQL, Oracle, Sybase, PostgreSQL/Pivotal Greenplum, 
SAP IQ, and IBM DB2 databases. To support database controls, we've added new elements 
to the XML output and DTDs for Control List Output and Policy Export Output. 


Sample - Control List API for MS SQL
API request:


curl -u "username:password" -H "Content-type: text/xml" -X "POST" \
  -d "action=list&details=All&ids=100022" \
  "https://qualysapi.qualys.com/api/2.0/fo/compliance/control/" > MSSQLControlAPI.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2019-05-08T18:31:17Z</DATETIME>
    <CONTROL_LIST>
      <CONTROL>
        <ID>100022</ID>
        <UPDATE_DATE>2019-05-08T18:31:08Z</UPDATE_DATE>
        <CREATED_DATE>2019-04-29T20:21:11Z</CREATED_DATE>
        <CATEGORY>Access Control Requirements</CATEGORY>
        <SUB_CATEGORY><![CDATA[Account Creation/User
Management]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[CustomerData]]></STATEMENT>
        <CRITICALITY>
          <LABEL><![CDATA[URGENT]]></LABEL>
          <VALUE>5</VALUE>
        </CRITICALITY>
        <CHECK_TYPE><![CDATA[MSSQL Database Check]]></CHECK_TYPE>
        <COMMENT><![CDATA[testComment]]></COMMENT>
        <IGNORE_ERROR>1</IGNORE_ERROR>
        <ERROR_SET_STATUS>PASS</ERROR_SET_STATUS>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>22</ID>
            <NAME>Microsoft SQL Server 2008</NAME>
            <RATIONALE><![CDATA[select all from
customer]]></RATIONALE>
            <DB_QUERY><![CDATA[select * from
customers;]]></DB_QUERY>
            <DESCRIPTION><![CDATA[select all the rows from
customers]]></DESCRIPTION>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
    </CONTROL_LIST>
  </RESPONSE>
</CONTROL_LIST_OUTPUT>


Sample - Control List API for Oracle
API request:


curl -u "username:password" -H "Content-type: text/xml" -X "POST" \
  -d "action=list&details=All&ids=100060" \
  "https://qualysapi.qualys.com/api/2.0/fo/compliance/control/" > OracleControlAPI.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2019-05-08T18:32:46Z</DATETIME>
    <CONTROL_LIST>
      <CONTROL>
        <ID>100060</ID>
        <UPDATE_DATE>2019-05-08T18:32:04Z</UPDATE_DATE>
        <CREATED_DATE>2019-05-03T19:32:18Z</CREATED_DATE>
        <CATEGORY>Database Settings</CATEGORY>
        <SUB_CATEGORY><![CDATA[DB Access Controls]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[OracleselectAllCustomerData]]></STATEMENT>
        <CRITICALITY>
          <LABEL><![CDATA[MINIMAL]]></LABEL>
          <VALUE>1</VALUE>
        </CRITICALITY>
        <CHECK_TYPE><![CDATA[Oracle Database Check]]></CHECK_TYPE>
        <COMMENT><![CDATA[Gather All Data]]></COMMENT>
        <IGNORE_ERROR>1</IGNORE_ERROR>
        <ERROR_SET_STATUS>FAIL</ERROR_SET_STATUS>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>7</ID>
            <NAME>Oracle 9i</NAME>
            <RATIONALE><![CDATA[GatherAllData]]></RATIONALE>
            <DB_QUERY><![CDATA[SELECT * FROM Customers WHERE
>= 3;]]></DB_QUERY>
            <DESCRIPTION><![CDATA[select all the
data]]></DESCRIPTION>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>8</ID>
            <NAME>Oracle 10g</NAME>
            <RATIONALE><![CDATA[GatherAllData]]></RATIONALE>
            <DB_QUERY><![CDATA[select * from
Customers;]]></DB_QUERY>
            <DESCRIPTION><![CDATA[
data]]></DESCRIPTION>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
    </CONTROL_LIST>
  </RESPONSE>
</CONTROL_LIST_OUTPUT>


Sample - Control List API for Sybase


API request: 


curl 


-u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" 


-d "action=listédetails=Alléids=100947" 
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE CONTROL LIST OUTPUT SYSTEM 
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/contro 


1 Tist o 


G 


tput.dtd"> 


<CONTROL LIST OUTPUT> 


<REQ 


UEST> 
<DATETIME>2020-03-21T05:29:102</DATETIME> 
<USER_LOGIN>quays_sp1</USER LOGIN> 


<RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/compliance/contr 


o1/</RESOURCE> 


</REQUEST> 
<RESPONSE> 


<PARAM LIST> 
<PARAM> 
<KEY>action</KEY> 
<VALUE>1list</VALU 
</PARAM> 
<PARAM> 
<KEY>ids</KEY> 
<VALUE>100947</VALU 
</PARAM> 
<PARAM> 
<KEY>echo_request</KEY> 
<VALUE>1</VALUE> 
</PARAM> 
</PARAM LIST> 


ea 
V 


eal 
V 


<DATETIME>2020-03-21T05:29:102</DATETIME> 
<CONTROL LIST> 
<CONTROL> 
<ID>100947</ID> 
<UPDATE_DATE>2020-03-20T15:05:35Z</UPDATE | 
<CREATED DATE>2020-03-18T05:50:27Z</CREATED DATE> 
<CATEGORY>Access Control Requirements</CATEGORY> 
<SUB_ CATEGORY> 
<! [CDATA [Account Creation/User Management] ]> 
</SUB_CATEGORY> 
<STATEMENT> 


UO 
D 
H 
V 
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<! [CDATA [sybase db udc]]> 
</STATEMENT> 
<CRITICALITY> 
<LABEL> 
<! [CDATA [UNDEFINED] ]> 
</LABEL> 
<VALUE>0</VALU 
</CRITICALITY> 
<CHECK TYPE> 
<! [CDATA [Sybase Database Check] ]> 
ECK TYPE> 


eal 
V 


CDATA[]]> 


T 


<IGNORE_ERROR>0</IGNORE_ERROR>
<ERROR_SET_STATUS></ERROR_SET_STATUS>
<TECHNOLOGY_LIST>
<TECHNOLOGY>
<ID>69</ID>
<NAME>Sybase ASE 15</NAME>
<RATIONALE>
<![CDATA[select db_name() as dbname,
s.name as segment_name,
t.free_space as free_space_pages,
case t.status when 1 then 'LAST CHANCE' else 'OTHER' end as status,
t.proc_name, suser_name(t.suid) as owner
from syssegments s, systhresholds t
where t.segment = s.segment]]>
</RATIONALE>
<DB_QUERY>
<![CDATA[select db_name() as dbname,
s.name as segment_name,
t.free_space as free_space_pages,
case t.status when 1 then 'LAST CHANCE' else 'OTHER' end as status,
t.proc_name, suser_name(t.suid) as owner
from syssegments s, systhresholds t
where t.segment = s.segment]]>
</DB_QUERY>
<DESCRIPTION>
<![CDATA[select db_name() as dbname,
s.name as segment_name,
t.free_space as free_space_pages,
case t.status when 1 then 'LAST CHANCE' else 'OTHER' end as status,
t.proc_name, suser_name(t.suid) as owner
from syssegments s, systhresholds t
where t.segment = s.segment]]>
</DESCRIPTION>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>116</ID>
<NAME>SAP Adaptive Server Enterprise 16</NAME>
<RATIONALE>
<![CDATA[select db_name() as dbname,
s.name as segment_name,
t.free_space as free_space_pages,
case t.status when 1 then 'LAST CHANCE' else 'OTHER' end as status,
t.proc_name, suser_name(t.suid) as owner
from syssegments s, systhresholds t
where t.segment = s.segment]]>
</RATIONALE>
<DB_QUERY>
<![CDATA[select db_name() as dbname,
s.name as segment_name,
t.free_space as free_space_pages,
case t.status when 1 then 'LAST CHANCE' else 'OTHER' end as status,
t.proc_name, suser_name(t.suid) as owner
from syssegments s, systhresholds t
where t.segment = s.segment]]>
</DB_QUERY>
<DESCRIPTION>
<![CDATA[select db_name() as dbname,
s.name as segment_name,
t.free_space as free_space_pages,
case t.status when 1 then 'LAST CHANCE' else 'OTHER' end as status,
t.proc_name, suser_name(t.suid) as owner
from syssegments s, systhresholds t
where t.segment = s.segment]]>
</DESCRIPTION>
</TECHNOLOGY>
</TECHNOLOGY_LIST>
</CONTROL>
</CONTROL_LIST>
</RESPONSE>
</CONTROL_LIST_OUTPUT>




Sample - Control List API for PostgreSQL/Pivotal Greenplum 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=list&details=All&ids=101335"
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2020-10-15T16:59:13Z</DATETIME>
<CONTROL_LIST>
<CONTROL>
<ID>101335</ID>
<UPDATE_DATE>2020-10-14T20:11:29Z</UPDATE_DATE>
<CREATED_DATE>2020-10-14T19:46:01Z</CREATED_DATE>
<CATEGORY>Access Control Requirements</CATEGORY>
<SUB_CATEGORY><![CDATA[Account Creation/User Management]]></SUB_CATEGORY>
<STATEMENT><![CDATA[prePostGreSQL selectStatement]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[URGENT]]></LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<CHECK_TYPE><![CDATA[PostgreSQL Database Check]]></CHECK_TYPE>
<COMMENT><![CDATA[comments]]></COMMENT>
<IGNORE_ERROR>0</IGNORE_ERROR>
<ERROR_SET_STATUS></ERROR_SET_STATUS>
<TECHNOLOGY_LIST>
<TECHNOLOGY>
<ID>114</ID>
<NAME>PostgreSQL 9.x</NAME>
<RATIONALE><![CDATA[Rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select name, setting from
pg_catalog.pg_settings where
name='log_min_duration_statement']]></DB_QUERY>
<DESCRIPTION><![CDATA[Description]]></DESCRIPTION>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>143</ID>
<NAME>PostgreSQL 10.x</NAME>
<RATIONALE><![CDATA[Rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select name, setting from
pg_catalog.pg_settings where
name='log_min_duration_statement']]></DB_QUERY>
<DESCRIPTION><![CDATA[Description]]></DESCRIPTION>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>192</ID>
<NAME>PostgreSQL 11.x</NAME>
<RATIONALE><![CDATA[Rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select name, setting from
pg_catalog.pg_settings where
name='log_min_duration_statement']]></DB_QUERY>
<DESCRIPTION><![CDATA[Description]]></DESCRIPTION>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>201</ID>
<NAME>Pivotal Greenplum 5.x</NAME>
<RATIONALE><![CDATA[Rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select name, setting from
pg_catalog.pg_settings where
name='log_min_duration_statement']]></DB_QUERY>
<DESCRIPTION><![CDATA[Description]]></DESCRIPTION>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>228</ID>
<NAME>PostgreSQL 12.x</NAME>
<RATIONALE><![CDATA[Rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select name, setting from
pg_catalog.pg_settings where
name='log_min_duration_statement']]></DB_QUERY>
<DESCRIPTION><![CDATA[Description]]></DESCRIPTION>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>230</ID>
<NAME>Pivotal Greenplum 6.x</NAME>
<RATIONALE><![CDATA[Rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select name, setting from
pg_catalog.pg_settings where
name='log_min_duration_statement']]></DB_QUERY>
<DESCRIPTION><![CDATA[Description]]></DESCRIPTION>
</TECHNOLOGY>
</TECHNOLOGY_LIST>
</CONTROL>
</CONTROL_LIST>
</RESPONSE>
</CONTROL_LIST_OUTPUT>


Sample - Control List API for IBM DB2 


API Request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=list&ids=100010"
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/"


XML Output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2021-06-22T11:14:08Z</DATETIME>
<CONTROL_LIST>
<CONTROL>
<ID>100010</ID>
<UPDATE_DATE>2021-06-22T08:24:27Z</UPDATE_DATE>
<CREATED_DATE>2021-06-22T08:24:27Z</CREATED_DATE>
<CATEGORY>Database Settings</CATEGORY>
<SUB_CATEGORY><![CDATA[DB Access Controls]]></SUB_CATEGORY>
<STATEMENT><![CDATA[db2 statement]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[SERIOUS]]></LABEL>
<VALUE>3</VALUE>
</CRITICALITY>
<CHECK_TYPE><![CDATA[DB2 Database Check]]></CHECK_TYPE>
<COMMENT><![CDATA[comment for db2 udc]]></COMMENT>
<IGNORE_ERROR>1</IGNORE_ERROR>
<ERROR_SET_STATUS>FAIL</ERROR_SET_STATUS>
<TECHNOLOGY_LIST>
<TECHNOLOGY>
<ID>40</ID>
<NAME>IBM DB2 9.x</NAME>
<RATIONALE><![CDATA[db2 udc rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select * from
sysadmin]]></DB_QUERY>
<DESCRIPTION><![CDATA[test db2 udc
descprition]]></DESCRIPTION>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>93</ID>
<NAME>IBM DB2 10.x</NAME>
<RATIONALE><![CDATA[db2 udc rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select * from
sysadmin]]></DB_QUERY>
<DESCRIPTION><![CDATA[test db2 udc
descprition]]></DESCRIPTION>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>142</ID>
<NAME>IBM DB2 11.x</NAME>
<RATIONALE><![CDATA[db2 udc rationale]]></RATIONALE>
<DB_QUERY><![CDATA[select * from
sysadmin]]></DB_QUERY>
<DESCRIPTION><![CDATA[test db2 udc
descprition]]></DESCRIPTION>
</TECHNOLOGY>
</TECHNOLOGY_LIST>
</CONTROL>
</CONTROL_LIST>
</RESPONSE>
</CONTROL_LIST_OUTPUT>


Sample - Control List API for File Content Check 
API request:


curl -u "username:password" -H "Content-type: text/xml" -X "POST"
-d "action=list&echo_request=1&ids=100006,100000,100026&details=All"
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/" >
control_list.xml


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
<REQUEST>
<DATETIME>2019-10-14T21:17:21Z</DATETIME>
<USER_LOGIN>username</USER_LOGIN>
<RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/compliance/control/</RESOURCE>
<PARAM_LIST>
<PARAM>
<KEY>action</KEY>
<VALUE>list</VALUE>
</PARAM>
<PARAM>
<KEY>echo_request</KEY>
<VALUE>1</VALUE>
</PARAM>
<PARAM>
<KEY>ids</KEY>
<VALUE>100006,100000,100026</VALUE>
</PARAM>
<PARAM>
<KEY>details</KEY>
<VALUE>All</VALUE>
</PARAM>
</PARAM_LIST>
</REQUEST>
<RESPONSE> 
<DATETIME>2019-10-14T21:17:21Z</DATETIME> 
<CONTROL_LIST> 
<CONTROL>
<ID>100000</ID>
<UPDATE_DATE>2019-10-10T21:54:35Z</UPDATE_DATE>
<CREATED_DATE>2019-10-08T19:16:02Z</CREATED_DATE>
<CATEGORY>Access Control Requirements</CATEGORY>
<SUB_CATEGORY><![CDATA[Account Creation/User Management]]></SUB_CATEGORY>
<STATEMENT><![CDATA[preFCCUDC]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[min]]></LABEL>
<VALUE>1</VALUE>
</CRITICALITY>
<CHECK_TYPE><![CDATA[Windows File Content Check]]></CHECK_TYPE>
<COMMENT><![CDATA[]]></COMMENT>
<IGNORE_ERROR>0</IGNORE_ERROR>
<IGNORE_ITEM_NOT_FOUND>0</IGNORE_ITEM_NOT_FOUND>
<SCAN_PARAMETERS>
<PATH_TYPE><![CDATA[Use file search]]></PATH_TYPE>
<FILE_QUERY><![CDATA[QWEB*]]></FILE_QUERY>
<BASE_DIR><![CDATA[c:\]]></BASE_DIR>
<DEPTH_LIMIT><![CDATA[3]]></DEPTH_LIMIT>
<FILE_NAME_MATCH><![CDATA[preTest2.txt]]></FILE_NAME_MATCH>
<FILE_NAME_SKIP><![CDATA[]]></FILE_NAME_SKIP>
<DIR_NAME_MATCH><![CDATA[*]]></DIR_NAME_MATCH>
<DIR_NAME_SKIP><![CDATA[]]></DIR_NAME_SKIP>
<TIME_LIMIT><![CDATA[300]]></TIME_LIMIT>
<MATCH_LIMIT><![CDATA[50]]></MATCH_LIMIT>
<DATA_TYPE>String List</DATA_TYPE>
<DESCRIPTION><![CDATA[FileContentChech]]></DESCRIPTION>
</SCAN_PARAMETERS>
<TECHNOLOGY_LIST>
<TECHNOLOGY>
<ID>53</ID>
<NAME>Windows 2012 Server</NAME>
<RATIONALE><![CDATA[rationale]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[true]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>75</ID>
<NAME>Windows Server 2012 R2</NAME>
<RATIONALE><![CDATA[rationale]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[true]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
</TECHNOLOGY_LIST>
</CONTROL>
<CONTROL>
<ID>100006</ID>
<UPDATE_DATE>2019-10-14T19:06:55Z</UPDATE_DATE>
<CREATED_DATE>2019-10-09T22:00:50Z</CREATED_DATE>
<CATEGORY>Database Settings</CATEGORY>
<SUB_CATEGORY><![CDATA[DB Access Controls]]></SUB_CATEGORY>
<STATEMENT><![CDATA[Windows FCC Use Reg]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[min]]></LABEL>
<VALUE>1</VALUE>
</CRITICALITY>
<CHECK_TYPE><![CDATA[Windows File Content Check]]></CHECK_TYPE>
<COMMENT><![CDATA[]]></COMMENT>
<IGNORE_ERROR>0</IGNORE_ERROR>
<IGNORE_ITEM_NOT_FOUND>0</IGNORE_ITEM_NOT_FOUND>
<SCAN_PARAMETERS>
<PATH_TYPE><![CDATA[Use Registry key]]></PATH_TYPE>
<REG_HIVE><![CDATA[HKEY_CLASSES_ROOT]]></REG_HIVE>
<REG_KEY><![CDATA[TestKey\user]]></REG_KEY>
<REG_VALUE_NAME><![CDATA[preName]]></REG_VALUE_NAME>
<FILE_PATH><![CDATA[]]></FILE_PATH>
<FILE_QUERY><![CDATA[.*]]></FILE_QUERY>
<DATA_TYPE>String List</DATA_TYPE>
<DESCRIPTION><![CDATA[reg key]]></DESCRIPTION>
</SCAN_PARAMETERS>
<TECHNOLOGY_LIST>
<TECHNOLOGY>
<ID>53</ID>
<NAME>Windows 2012 Server</NAME>
<RATIONALE><![CDATA[rationale]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>75</ID>
<NAME>Windows Server 2012 R2</NAME>
<RATIONALE><![CDATA[rationale]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
</TECHNOLOGY_LIST>
</CONTROL>
<CONTROL>
<ID>100026</ID>
<UPDATE_DATE>2019-10-11T20:12:48Z</UPDATE_DATE>
<CREATED_DATE>2019-10-11T20:12:48Z</CREATED_DATE>
<CATEGORY>Access Control Requirements</CATEGORY>
<SUB_CATEGORY><![CDATA[Account Creation/User Management]]></SUB_CATEGORY>


<STATEMENT><![CDATA[pre fcc file path regexwith$]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[min]]></LABEL>
<VALUE>1</VALUE>
</CRITICALITY>
<CHECK_TYPE><![CDATA[Windows File Content Check]]></CHECK_TYPE>
<COMMENT><![CDATA[]]></COMMENT>
<IGNORE_ERROR>0</IGNORE_ERROR>
<IGNORE_ITEM_NOT_FOUND>0</IGNORE_ITEM_NOT_FOUND>
<SCAN_PARAMETERS>
<PATH_TYPE><![CDATA[Use file path]]></PATH_TYPE>
<FILE_PATH><![CDATA[C:\us r\PreTest\pretestfil 1.txt]]></FILE_PATH>
<FILE_QUERY><![CDATA[pre\$]]></FILE_QUERY>
<DATA_TYPE>String List</DATA_TYPE>
<DESCRIPTION><![CDATA[pre\$]]></DESCRIPTION>
</SCAN_PARAMETERS>
<TECHNOLOGY_LIST>
<TECHNOLOGY>
<ID>1</ID>
<NAME>Windows XP desktop</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>2</ID>
<NAME>Windows 2003 Server</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>




<TECHNOLOGY>
<ID>12</ID>
<NAME>Windows 2000</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>18</ID>
<NAME>Windows Vista</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>21</ID>
<NAME>Windows 2008 Server</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>37</ID>
<NAME>Windows 7</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>53</ID>
<NAME>Windows 2012 Server</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>54</ID>
<NAME>Windows 8</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>72</ID>
<NAME>Windows 8.1</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>75</ID>
<NAME>Windows Server 2012 R2</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>91</ID>
<NAME>Windows 10</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>106</ID>
<NAME>Windows 2016 Server</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>144</ID>
<NAME>Windows Embedded 7</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>145</ID>
<NAME>Windows Embedded 8</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>146</ID>
<NAME>Windows Embedded 8.1</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
<TECHNOLOGY>
<ID>180</ID>
<NAME>Windows 2019 Server</NAME>
<RATIONALE><![CDATA[ration]]></RATIONALE>
<DATAPOINT>
<CARDINALITY>contains</CARDINALITY>
<OPERATOR>xre</OPERATOR>
<DEFAULT_VALUES total="1">
<DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
</DEFAULT_VALUES>
</DATAPOINT>
</TECHNOLOGY>
</TECHNOLOGY_LIST>
</CONTROL>
</CONTROL_LIST>
</RESPONSE>
</CONTROL_LIST_OUTPUT>




List Unix File Content Custom Controls when Evaluate as string is enabled 


You have an option in Unix File Content custom controls to evaluate scan results as a 
string instead of string list. Once the <EVALUATE_AS_STRING> parameter is enabled (1), 
the scan result is evaluated as a single string. By default the option is disabled (0). 


Sample: List FC UDC when Evaluate as string is enabled 


API Request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d
"action=list&ids=102090&details=All"
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/"


XML Output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2021-04-06T11:14:08Z</DATETIME>
<CONTROL_LIST>
<CONTROL>
<ID>102090</ID>
<UPDATE_DATE>2021-04-01T11:59:40Z</UPDATE_DATE>
<CREATED_DATE>2021-04-01T11:59:40Z</CREATED_DATE>
<CATEGORY>Web Application Services</CATEGORY>
<SUB_CATEGORY><![CDATA[Web Server/Tier Settings]]></SUB_CATEGORY>
<STATEMENT><![CDATA[FC New Option Enabled With String list]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[URGENT]]></LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<CHECK_TYPE><![CDATA[Unix File Content Check]]></CHECK_TYPE>
<COMMENT><![CDATA[String list]]></COMMENT>
<IGNORE_ERROR>1</IGNORE_ERROR>
<IGNORE_ITEM_NOT_FOUND>1</IGNORE_ITEM_NOT_FOUND>
<SCAN_PARAMETERS>
<FILE_PATH><![CDATA[/home/testscan/samram]]></FILE_PATH>
<FILE_QUERY><![CDATA[.*]]></FILE_QUERY>
<DATA_TYPE>String List</DATA_TYPE>
<EVALUATE_AS_STRING>1</EVALUATE_AS_STRING>
<DESCRIPTION><![CDATA[with string list]]></DESCRIPTION>
</SCAN_PARAMETERS>
<TECHNOLOGY_LIST>


Sample - List DS UDCs when case sensitive search is disabled 


API Request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d 
"action=list&ids=102154&details=All"
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/" 


XML Output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2021-07-21T12:14:26Z</DATETIME>
<CONTROL_LIST>
<CONTROL>
<ID>102154</ID>
<UPDATE_DATE>2021-07-21T07:02:43Z</UPDATE_DATE>
<CREATED_DATE>2021-07-07T06:38:30Z</CREATED_DATE>
<CATEGORY>Access Control Requirements</CATEGORY>
<SUB_CATEGORY><![CDATA[Account Creation/User Management]]></SUB_CATEGORY>
<STATEMENT><![CDATA[DS UDC case sensitive with new option]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[MINIMAL]]></LABEL>
<VALUE>1</VALUE>
</CRITICALITY>
<CHECK_TYPE><![CDATA[Unix Directory Search Check]]></CHECK_TYPE>
<COMMENT><![CDATA[DI UDC case sensitive disabled]]></COMMENT>
<USE_AGENT_ONLY>1</USE_AGENT_ONLY>
<IGNORE_ERROR>0</IGNORE_ERROR>
<SCAN_PARAMETERS>
<BASE_DIR><![CDATA[/home/qa]]></BASE_DIR>
<SHOULD_DESCEND><![CDATA[true]]></SHOULD_DESCEND>
<DEPTH_LIMIT><![CDATA[10]]></DEPTH_LIMIT>
<FOLLOW_SYMLINK><![CDATA[true]]></FOLLOW_SYMLINK>
<FILE_NAME_MATCH><![CDATA[*]]></FILE_NAME_MATCH>
<FILE_NAME_SKIP><![CDATA[]]></FILE_NAME_SKIP>
<DIR_NAME_MATCH><![CDATA[*]]></DIR_NAME_MATCH>
<DIR_NAME_SKIP><![CDATA[]]></DIR_NAME_SKIP>
<PERMISSIONS>
<SPECIAL>
<USER>any</USER>
<GROUP>any</GROUP>
<DELETION>any</DELETION>
</SPECIAL>
<USER>
<READ>any</READ>
<WRITE>any</WRITE>
<EXECUTE>any</EXECUTE>
</USER>
<GROUP>
<READ>any</READ>
<WRITE>any</WRITE>
<EXECUTE>any</EXECUTE>
</GROUP>
<OTHER>
<READ>any</READ>
<WRITE>any</WRITE>
<EXECUTE>any</EXECUTE>
</OTHER>
</PERMISSIONS>
<PERM_COND><![CDATA[all]]></PERM_COND>
<TYPE_MATCH><![CDATA[d,f,l,p,b,c,s,D]]></TYPE_MATCH>
<USER_OWNER><![CDATA[Any User]]></USER_OWNER>
<GROUP_OWNER><![CDATA[Any Group]]></GROUP_OWNER>
<TIME_LIMIT><![CDATA[300]]></TIME_LIMIT>
<MATCH_LIMIT><![CDATA[50]]></MATCH_LIMIT>
<DISABLE_CASE_SENSITIVE_SEARCH><![CDATA[true]]></DISABLE_CASE_SENSITIVE_SEARCH>
<DATA_TYPE>String List</DATA_TYPE>
<DESCRIPTION><![CDATA[/home/qa desc]]></DESCRIPTION>
</SCAN_PARAMETERS>
</CONTROL_LIST>
</RESPONSE>
</CONTROL_LIST_OUTPUT>


Compliance Policy List
/api/2.0/fo/compliance/policy/?action=list 
[GET] [POST] 


View a list of compliance policies visible to the user. Policies in the XML output are sorted 
by compliance policy ID in ascending order. Optional input parameters support filtering 
the policy list output. 


Maximum Policies per API Request 

A maximum of 1,000 compliance policy records can be processed per request. If the 
requested list identifies more than 1,000 policies, then the XML output includes the 
<WARNING> element and instructions for making another request for the next batch of 
policy records. 


Permissions 


Note: The Compliance APIs are available as part of one of the following subscription 
combinations only: 


- PC and API add-on 
- PC, SCA, and API add-on 
- VMDR, SCA, and API add-on 


User Role       Permissions

Manager         View all compliance policies in subscription. View asset group
                information for all asset groups assigned to policies.

Auditor         View all compliance policies in subscription. View asset group
                information for all asset groups assigned to policies.

Unit Manager    View all compliance policies in subscription. View asset group
                information for asset groups assigned to policies, when the user
                has permission to view these asset groups. This user can view
                groups assigned to the user’s business unit, and groups created by
                any user in the same business unit.

Scanner         View all compliance policies in subscription. View asset group
                information for asset groups assigned to policies, when the user
                has permission to view these asset groups. This user can view
                groups assigned to the user account, and groups created by the
                user.

Reader          View all compliance policies in subscription. View asset group
                information for asset groups assigned to policies, when the user
                has permission to view these asset groups. This user can view
                groups assigned to the user account, and groups created by the
                user.


User Permissions — Asset Group Information


Asset group information included in the policy list output includes the following, as 
defined for each asset group: asset group ID, title, and assigned IP addresses. Users are 
granted permission to view asset group information assigned to policies when the user 
has permission to view the asset groups. 


For example, when a user makes a request for a compliance policy list and the user does 
not have permission to view asset groups that are assigned to the target policies, then the 
asset group information does not appear in the policy list output. The asset group IDs are 
not listed under the <POLICY> section, and the asset group title and assigned IP addresses 
are not listed under the <GLOSSARY> section. 


In a case where a user makes a request for a compliance policy list and the user does not
have permission to see one or more asset groups assigned to a target policy, the following 
information is provided in the compliance policy list output: 


<POLICY> section. The attribute "has_hidden_data=1" is returned in the <POLICY> section
in the <ASSET_GROUP_IDS> element. This indicates that the user does not have 
permission to see one or more asset groups in the policy. When this attribute is present, 
only the asset group IDs that the user has permission to see, if any, are listed in the 
<ASSET_GROUP_IDS> element. 


<GLOSSARY> section. Asset group information is not displayed for asset groups assigned 
to compliance policies that the user does not have permission to see. 


<WARNING_LIST> section. A warning message is returned for informational purposes. 
This indicates that at least one of the compliance policies in the output has one or more 
asset groups that the user does not have permission to see. 
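

An integration that audits policy scope should treat has_hidden_data=1 as "result incomplete for this caller", not as "policy has no further asset groups". The Python sketch below is an added example, not Qualys code: it parses a constructed policy list response and reports which policies have partial asset group visibility, along with any warnings returned. The sample XML is constructed, and the TEXT child of <WARNING> is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample response (not real account data). Element names follow the
# policy list output described in this section; the <TEXT> child of <WARNING>
# and the warning wording are assumptions made for this example.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<POLICY_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2017-11-03T21:15:29Z</DATETIME>
<POLICY_LIST>
<POLICY>
<ID>18948</ID>
<TITLE><![CDATA[XP policy]]></TITLE>
<ASSET_GROUP_IDS>6065</ASSET_GROUP_IDS>
</POLICY>
<POLICY>
<ID>18950</ID>
<TITLE><![CDATA[Constructed policy A]]></TITLE>
<ASSET_GROUP_IDS has_hidden_data="1">7001,7002</ASSET_GROUP_IDS>
</POLICY>
<POLICY>
<ID>18951</ID>
<TITLE><![CDATA[Constructed policy B]]></TITLE>
<ASSET_GROUP_IDS has_hidden_data="1"></ASSET_GROUP_IDS>
</POLICY>
</POLICY_LIST>
<GLOSSARY>
<ASSET_GROUP_LIST>
<ASSET_GROUP><ID>6065</ID><TITLE><![CDATA[Windows XP]]></TITLE></ASSET_GROUP>
<ASSET_GROUP><ID>7001</ID><TITLE><![CDATA[Constructed group]]></TITLE></ASSET_GROUP>
<ASSET_GROUP><ID>7002</ID><TITLE><![CDATA[Constructed group 2]]></TITLE></ASSET_GROUP>
</ASSET_GROUP_LIST>
</GLOSSARY>
<WARNING_LIST>
<WARNING>
<TEXT>Constructed text: some asset groups are not visible to this user.</TEXT>
</WARNING>
</WARNING_LIST>
</RESPONSE>
</POLICY_LIST_OUTPUT>"""


def parse_policy_list(xml_data):
    """Summarize asset group visibility per policy in a policy list response."""
    root = ET.fromstring(xml_data)

    # Glossary only carries asset groups the caller is allowed to see.
    titles = {
        ag.findtext("ID"): ag.findtext("TITLE")
        for ag in root.findall("./RESPONSE/GLOSSARY/ASSET_GROUP_LIST/ASSET_GROUP")
    }

    policies = []
    for policy in root.findall("./RESPONSE/POLICY_LIST/POLICY"):
        ids_el = policy.find("ASSET_GROUP_IDS")
        hidden = False
        visible_ids = []
        if ids_el is not None:
            # has_hidden_data="1": at least one assigned group is not shown.
            hidden = ids_el.get("has_hidden_data") == "1"
            visible_ids = [i.strip() for i in (ids_el.text or "").split(",") if i.strip()]
        policies.append({
            "id": policy.findtext("ID"),
            "title": policy.findtext("TITLE"),
            "visible_asset_groups": {i: titles.get(i) for i in visible_ids},
            "has_hidden_data": hidden,
        })

    # Keep every warning as a tag -> text mapping so callers can log it verbatim.
    warnings = [
        {child.tag: (child.text or "").strip() for child in w}
        for w in root.iter("WARNING")
    ]

    return {
        "policies": policies,
        "incomplete_policy_ids": [p["id"] for p in policies if p["has_hidden_data"]],
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = parse_policy_list(SAMPLE_RESPONSE)
    for p in report["policies"]:
        state = "PARTIAL VIEW" if p["has_hidden_data"] else "full view"
        print(p["id"], p["title"], sorted(p["visible_asset_groups"]), state)
    for w in report["warnings"]:
        print("warning:", w)
```

A report built from an account with partial visibility should carry the incomplete policy IDs forward so a reviewer with broader permissions can re-run the request.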


Input Parameters 


Parameter                   Description

action=list                 (Required)

echo_request={0|1}          (Optional) Show (echo) the request’s input parameters (names
                            and values) in the XML output. When not specified, parameters
                            are not included in the XML output. Specify 1 to view parameters
                            in the XML output.

details={Basic|All|None}    (Optional) Show requested amount of information for each
                            policy. A valid value is:

                            None — show policy ID only

                            Basic (default) — show policy ID and title, date/time when the
                            policy was created and last modified, asset groups included,
                            asset tags included, controls included, whether the Evaluate
                            Now option was selected, whether the policy is locked, and
                            glossary of compliance policy data in the output.

                            All — show the basic policy information, plus a technology list
                            for each control, IP list for each asset group, and a user list

ids={value}                 (Optional) Show only certain policy IDs and/or ID ranges. One or
                            more policy IDs/ranges may be specified. Multiple entries are
                            comma separated. A policy ID range entry is specified with a
                            hyphen (for example, 160-165). Valid policy IDs are required.

id_min={value}              (Optional) Show only policies which have a minimum policy ID
                            value. A valid policy ID is required.

id_max={value}              (Optional) Show only policies which have a maximum policy ID
                            value. A valid policy ID is required.

updated_after_datetime=     (Optional) Show only controls updated after a certain date/time.
{value}                     See Date Filters.

created_after_datetime=     (Optional) Show only controls created after a certain date/time.
{value}                     See Date Filters.

DTD 


<platform API server>/api/2.0/fo/compliance/policy/policy_list_output.dtd 


Sample - Compliance Policy List 
API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -D headers.15
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=list"


XML output:


<POLICY_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2017-11-03T21:15:29Z</DATETIME>
<POLICY_LIST>
<POLICY>
<ID>18948</ID>
<TITLE><![CDATA[XP policy]]></TITLE>
<CREATED>
<DATETIME>2017-10-19T18:37:15Z</DATETIME>
<BY>quays_as</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2017-10-26T23:31:57Z</DATETIME>
<BY>quays_as</BY>
</LAST_MODIFIED>
<LAST_EVALUATED>
<DATETIME>2017-11-03T08:40:44Z</DATETIME>
</LAST_EVALUATED>
<STATUS><![CDATA[active]]></STATUS>
<IS_LOCKED>0</IS_LOCKED>
<EVALUATE_NOW><![CDATA[yes]]></EVALUATE_NOW>
<ASSET_GROUP_IDS>6065</ASSET_GROUP_IDS>
<TAG_SET_INCLUDE>
<TAG_ID>7588415</TAG_ID>
</TAG_SET_INCLUDE>
<TAG_INCLUDE_SELECTOR>ANY</TAG_INCLUDE_SELECTOR>
<INCLUDE_AGENT_IPS>1</INCLUDE_AGENT_IPS>
<CONTROL_LIST>
<CONTROL>
<ID>1045</ID>
<STATEMENT><![CDATA[Status of the 'Clipbook' service
(startup type)]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[SERIOUS]]></LABEL>
<VALUE>3</VALUE>
</CRITICALITY>
</CONTROL>
<CONTROL>
<ID>1048</ID>
<STATEMENT><![CDATA[Status of the 'Shutdown: Clear
virtual memory pagefile' setting]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[CRITICAL]]></LABEL>
<VALUE>4</VALUE>
</CRITICALITY>
</CONTROL>
</CONTROL_LIST>
</POLICY>
</POLICY_LIST>
<GLOSSARY>
<ASSET_GROUP_LIST>
<ASSET_GROUP>
<ID>6065</ID>
<TITLE><![CDATA[Windows XP]]></TITLE>
</ASSET_GROUP>
</ASSET_GROUP_LIST>
<ASSET_TAG_LIST>
<TAG>
<TAG_ID>7588415</TAG_ID>
<TAG_NAME>windows XP</TAG_NAME>
</TAG>
</ASSET_TAG_LIST>
</GLOSSARY>
</RESPONSE>
</POLICY_LIST_OUTPUT>


Compliance Policy - Export
/api/2.0/fo/compliance/policy/?action=export


[GET] [POST]


Export compliance policies from your account to an XML file. Service provided controls are
exported and you can choose to also export user defined controls. The output can also
include an appendix with human readable look-ups for control descriptions, which explains
the various aspects of control description and evaluation.


Permissions - If you’re not a Manager, the permission to Manage PC module must be 
turned on in your account. 


Input Parameters 


Parameter                   Description

action=export               (Required)

echo_request={0|1}          (Optional) Show (echo) the request’s input parameters (names
                            and values) in the XML output. When not specified, parameters
                            are not included in the XML output. Specify 1 to view parameters
                            in the XML output.

id={value}                  (Required) The ID or the title of the policy you want to export.
or
title={value}

show_user_controls={0|1}    (Optional) Set to 1 to include user-defined controls (UDCs) in the
                            XML output. When not specified, UDCs are not included.

show_appendix={0|1}         (Optional) Set to 1 to show the appendix section in the XML
                            output. When unspecified, the appendix section is not
                            included in the output.

show_user_controls={0|1}    (Optional) Set to 1 to show user-defined controls (UDCs) in the
                            XML output. For Qualys Custom Controls you'll see the UDC ID
                            for each control in the output. When not specified, the appendix
                            section is not included in the output.

                            Interested in Qualys Custom Controls? Log in to Qualys, go to
                            Help > Online Help and search for “custom controls”.


Sample - Export Policy 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST"
-d "action=export&id=853744" 
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/" 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2/fo/compliance/policy/policy_export_output.dtd">
<POLICY>
<TITLE><![CDATA[My Policy]]></TITLE>
<EXPORTED><![CDATA[2013-07-17T18:19:57Z]]></EXPORTED>
<COVER_PAGE><![CDATA[]]></COVER_PAGE>
<TECHNOLOGIES total="1">
<TECHNOLOGY>
<ID>1</ID>
<NAME>Windows XP desktop</NAME>
</TECHNOLOGY>
</TECHNOLOGIES>
<SECTIONS total="1">
<SECTION>
<NUMBER>1</NUMBER>
<HEADING><![CDATA[Default section]]></HEADING>
<CONTROLS total="20">
<CONTROL>
<ID>1111</ID>
<TECHNOLOGIES total="1">
<TECHNOLOGY>
<ID>1</ID>
<NAME>Windows XP desktop</NAME>
<EVALUATE
checksum="74378dqd12a39f82721a3cb156dee58c663a650a9ce422bd311b5e5443c2a20f14">&lt;CTRL&gt;&lt;NOT&gt;&lt;DP&gt; &lt;K&gt;auth.general.logintext&lt;/K&gt;&lt;OP&gt;re&lt;/OP&gt; &lt;V&gt; &lt;![CDATA[*(\s* | 314159265358979|161803399999999)$]]&gt;&lt;/V&gt; &lt;/DP&gt; &lt;/NOT&gt; &lt;/CTRL&gt; </EVALUATE>
</TECHNOLOGY>
</TECHNOLOGIES>
</CONTROL>
</SECTION>
</SECTIONS>
</POLICY>


"US 


ERNAM 


F: PASSWORD" 


curl -u G 


ET -H "X-Requested-With: 


> 


Sample - Export Policy with Appendix with lookups for control descriptions 
API request: 


curl" -X 


"POST" -d “action=exporté&id=5438é&show_appendix=1" 
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/">showA 


pp. xml 
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XML output: 
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_export_output.dtd">
<POLICY_EXPORT_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-09-09T09:07:13Z</DATETIME>
    <POLICY>
      <TITLE><![CDATA[Solaris]]></TITLE>
      <EXPORTED><![CDATA[2017-09-09T09:07:12Z]]></EXPORTED>
      <COVER_PAGE><![CDATA[]]></COVER_PAGE>
      <STATUS><![CDATA[active]]></STATUS>
      <TECHNOLOGIES total="4">
        <TECHNOLOGY>
          <ID>4</ID>
          <NAME>Solaris 9.x</NAME>
        </TECHNOLOGY>
...
        <SECTION>
          <NUMBER>3</NUMBER>
          <HEADING><![CDATA[Untitled]]></HEADING>
          <CONTROLS total="4"/>
        </SECTION>
      </SECTIONS>
      <!--Note : Remove APPENDIX section if you wish to import this
      XML as policy.-->
      <APPENDIX>
        <OP_ACRONYMS><OP id="lt">less than</OP>
          <OP id="gt">greater than</OP>
          <OP id="le">less than or equal to</OP>
          <OP id="ge">greater than or equal to</OP>
          <OP id="ne">not equal to</OP>
          <OP id="xeq">list OR string list</OP>
          <OP id="eq">equal to</OP>
          <OP id="in">in</OP>
          <OP id="xre">regular expression list</OP>
          <OP id="re">regular expression</OP>
          <OP id="range">in range</OP></OP_ACRONYMS>
        <DATA_POINT_ACRONYMS>
          <DP>
            <K id="auth.useraccount.legacy-plus-accounts"><![CDATA[The following List String value(s) <B>X</B>
indicate the current list of accounts defined within the <B>/etc/group</B>, <B>/etc/shadow</B>,
and/or <B>/etc/passwd</B> files having a <B>plus-sign '+'</B> preceding them.]]></K>
            <FV id="161803399999999"><![CDATA[Setting not found]]></FV>
            <FV id="314159265358979"><![CDATA[File not found]]></FV>
          </DP>
          <DP>
            <K id="auth.useraccount.minimum-password-length"><![CDATA[This Integer value <B>X</B>
indicates the current status of the <B>PASSLENGTH 'minimum password length'</B> setting
within the <B>/etc/default/passwd</B> file.]]></K>
            <FV id="161803399999999"><![CDATA[Setting not found]]></FV>
            <FV id="314159265358979"><![CDATA[File not found]]></FV>
          </DP>
...
</POLICY_EXPORT_OUTPUT>


Sample - Export Library Policy to XML 


You can export a library compliance policy from your account to an XML file. Just like with 
user created policies you must specify the input parameter show_user_controls=1 to 
include UDCs in the output. When the policy includes a Qualys Custom Control you'll see 
the UDC ID for the control in the output. 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
-d "action=export&id=991742279&show_user_controls=1" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/"


XML output:


<POLICY>
  <TITLE><![CDATA[Library Policy with 2 UDC v.2.0]]></TITLE>
  <EXPORTED><![CDATA[2017-04-17T15:02:56Z]]></EXPORTED>
  <COVER_PAGE><![CDATA[]]></COVER_PAGE>
  <STATUS><![CDATA[active]]></STATUS>
  <TECHNOLOGIES total="2">
    <TECHNOLOGY>
      <ID>2</ID>
      <NAME>Windows 2003 Server</NAME>
    </TECHNOLOGY>
    <TECHNOLOGY>
      <ID>12</ID>
      <NAME>Windows 2000</NAME>
    </TECHNOLOGY>
  </TECHNOLOGIES>
  <SECTIONS total="1">
    <SECTION>
      <NUMBER>1</NUMBER>
      <HEADING><![CDATA[Untitled]]></HEADING>
      <CONTROLS total="1">
        <USER_DEFINED_CONTROL>
          <ID>100005</ID>
          <UDC_ID>55449d95-1877-7ee5-829a-4eededacb04f</UDC_ID>
          <CHECK_TYPE>Registry Value Existence</CHECK_TYPE>
          <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
          <CATEGORY>
            <ID>3</ID>
            <NAME><![CDATA[Access Control Requirements]]></NAME>
          </CATEGORY>
          <SUB_CATEGORY>
            <ID>1007</ID>
            <NAME><![CDATA[Authentication/Passwords]]></NAME>
          </SUB_CATEGORY>
...

Updates you'll see once Agent UDC support is available 
New Agent UDC Support will be announced soon via the Qualys Technology blog once 
remaining components are released. 


The XML output may include the USE_AGENT_ONLY element for these Windows and Unix
control types: Directory Search Control and Directory Integrity Control. This is set to 1
when the “Use agent scan only” option is enabled for the control.


The XML output may include the AUTO_UPDATE element for these Windows and Unix 
control types: File Integrity Control and Directory Integrity Control. This is set to 1 when 
the “Auto update expected value” option is enabled for the control. 
Sample - Export Policy when Agent UDC Support is available


API request:


curl -u username:password -H "X-Requested-With: curl" \
-d "action=export&id=1448425&show_user_controls=1&show_appendix=0" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/" > UDCWIND.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_export_output.dtd">
<POLICY_EXPORT_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-10-05T10:41:43Z</DATETIME>
    <POLICY>
      <TITLE><![CDATA[Windows Linux UDC Policy]]></TITLE>
      <EXPORTED><![CDATA[2018-10-05T10:41:43Z]]></EXPORTED>
      <COVER_PAGE><![CDATA[]]></COVER_PAGE>
      <STATUS><![CDATA[active]]></STATUS>
      <TECHNOLOGIES total="3">
        <TECHNOLOGY>
          <ID>45</ID>
          <NAME>Red Hat Enterprise Linux 6.x</NAME>
        </TECHNOLOGY>
        <TECHNOLOGY>
          <ID>52</ID>
          <NAME>AIX 7.x</NAME>
        </TECHNOLOGY>
        <TECHNOLOGY>
          <ID>81</ID>
          <NAME>Red Hat Enterprise Linux 7.x</NAME>
        </TECHNOLOGY>
      </TECHNOLOGIES>
      <SECTIONS total="1">
        <SECTION>
          <NUMBER>1</NUMBER>
          <HEADING><![CDATA[ddd]]></HEADING>
          <CONTROLS total="4">
            <USER_DEFINED_CONTROL>
              <ID>100041</ID>
              <UDC_ID>929a8c4e-5057-e3f3-8225-e92d4076f499</UDC_ID>
              <CHECK_TYPE>Unix Directory Search Check</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <CATEGORY>
                <ID>3</ID>
                <NAME><![CDATA[Access Control Requirements]]></NAME>
              </CATEGORY>
              <SUB_CATEGORY>
                <ID>1010</ID>
                <NAME><![CDATA[Account Creation/User Management]]></NAME>
              </SUB_CATEGORY>
              <STATEMENT><![CDATA[Directory Search]]></STATEMENT>
              <CRITICALITY>
                <LABEL><![CDATA[SERIOUS]]></LABEL>
                <VALUE>3</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[]]></COMMENT>
              <USE_AGENT_ONLY>1</USE_AGENT_ONLY>
              <AUTO_UPDATE>0</AUTO_UPDATE>
              <IGNORE_ERROR>0</IGNORE_ERROR>
...


Sample: Export Policy when Case Sensitive Search is disabled


API Request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST \
-d "action=export&id=4034697&show_user_controls=1" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/"


XML Output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.p04.eng.sjc01.qualys.com/api/2.0/fo/compliance/policy/policy_export_output.dtd">
<POLICY_EXPORT_OUTPUT>
  <RESPONSE>
    <DATETIME>2021-07-22T08:33:50Z</DATETIME>
    <POLICY>
      <TITLE><![CDATA[Suse 11 DI and DS check]]></TITLE>
      <EXPORTED><![CDATA[2021-07-22T08:33:48Z]]></EXPORTED>
      <COVER_PAGE><![CDATA[]]></COVER_PAGE>
      <STATUS><![CDATA[active]]></STATUS>
      <TECHNOLOGIES total="2">
        <TECHNOLOGY>
          <ID>38</ID>
          <NAME>SUSE Linux Enterprise 11.x</NAME>
        </TECHNOLOGY>
...
            <USER_DEFINED_CONTROL>
              <ID>100550</ID>
              <UDC_ID>74d487e1-6c1c-5de7-8063-a878edc046d7</UDC_ID>
              <CHECK_TYPE>Unix Directory Search Check</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <CATEGORY>
                <ID>3</ID>
                <NAME><![CDATA[Access Control Requirements]]></NAME>
              </CATEGORY>
              <SUB_CATEGORY>
                <ID>1010</ID>
                <NAME><![CDATA[Account Creation/User Management]]></NAME>
              </SUB_CATEGORY>
              <STATEMENT><![CDATA[Basic Directory Search Check-UNIX edited]]></STATEMENT>
              <CRITICALITY>
                <LABEL><![CDATA[MEDIUM]]></LABEL>
                <VALUE>2</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[Directory Search Check]]></COMMENT>
              <IGNORE_ERROR>0</IGNORE_ERROR>
              <SCAN_PARAMETERS>
                <BASE_DIR><![CDATA[/etc/123/yyy/eeee/111]]></BASE_DIR>
                <SHOULD_DESCEND><![CDATA[false]]></SHOULD_DESCEND>
                <GROUP_OWNER><![CDATA[Any Group]]></GROUP_OWNER>
                <TIME_LIMIT><![CDATA[300]]></TIME_LIMIT>
                <MATCH_LIMIT><![CDATA[50]]></MATCH_LIMIT>
                <DISABLE_CASE_SENSITIVE_SEARCH><![CDATA[false]]></DISABLE_CASE_SENSITIVE_SEARCH>
                <DATA_TYPE>String List</DATA_TYPE>
                <DESCRIPTION><![CDATA[Directory Search Check]]></DESCRIPTION>
              </SCAN_PARAMETERS>
...
                </TECHNOLOGY>
              </TECHNOLOGIES>
              <REFERENCE_LIST/>
            </USER_DEFINED_CONTROL>
          </CONTROLS>
        </SECTION>
      </SECTIONS>
    </POLICY>
  </RESPONSE>
</POLICY_EXPORT_OUTPUT>
Database UDCs for MS SQL, Oracle, Sybase, PostgreSQL/Pivotal Greenplum, SAP IQ,
and IBM DB2

You can create custom controls for MSSQL, Oracle, Sybase, PostgreSQL/Pivotal Greenplum,
SAP IQ, and IBM DB2 databases. To support database controls, we've added new elements
to the XML output and DTDs for Control List Output and Policy Export Output.


Sample - Policy API

API request:


curl -u "username:password" -H "Content-type: text/xml" -X "POST" \
-d "action=export&id=1358790&show_user_controls=1" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/" > PolicyExportAPI.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_export_output.dtd">
<POLICY_EXPORT_OUTPUT>
  <RESPONSE>
    <DATETIME>2019-05-21T18:49:06Z</DATETIME>
    <POLICY>
      <TITLE><![CDATA[Objects_Check]]></TITLE>
      <EXPORTED><![CDATA[2019-05-21T18:49:06Z]]></EXPORTED>
      <COVER_PAGE><![CDATA[]]></COVER_PAGE>
      <STATUS><![CDATA[active]]></STATUS>
...
            <USER_DEFINED_CONTROL>
              <ID>100338</ID>
              <UDC_ID>e9ff3da7-9d0c-4a64-8055-e49a3f88f838</UDC_ID>
              <CHECK_TYPE>Oracle Database Check</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <CATEGORY>
                <ID>5</ID>
                <NAME><![CDATA[Services]]></NAME>
              </CATEGORY>
              <SUB_CATEGORY>
                <ID>1024</ID>
                <NAME><![CDATA[Support]]></NAME>
              </SUB_CATEGORY>
              <STATEMENT><![CDATA[STMT:SELECT * FROM user_tables;]]></STATEMENT>
              <CRITICALITY>
                <LABEL><![CDATA[MEDIUM]]></LABEL>
                <VALUE>2</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[SELECT * FROM user_tables]]></COMMENT>
              <IGNORE_ERROR>1</IGNORE_ERROR>
              <ERROR_SET_STATUS>PASS</ERROR_SET_STATUS>
              <TECHNOLOGIES total="1">
                <TECHNOLOGY>
                  <ID>8</ID>
                  <NAME>Oracle 10g</NAME>
                  <EVALUATE><CTRL><AND><OR><DP><K>custom.oracle_query.1661091</K><OP>xre</OP>
<CD>matches</CD><FV set="1">No data found</FV><DT>5</DT><V><![CDATA[.*]]></V>
<DBCOL><![CDATA[STATUS]]></DBCOL></DP></OR><DP><K>custom.oracle_query.1661091</K><L>0</L>
<OP>eq</OP><DT>4</DT><CD>match all</CD><V>2</V><DBCOL>NUM_ROWS</DBCOL></DP></AND></CTRL></EVALUATE>
                  <RATIONALE><![CDATA[rat:SELECT * FROM user_tables]]></RATIONALE>
                  <DB_QUERY><![CDATA[SELECT * FROM user_tables;]]></DB_QUERY>
                  <DESCRIPTION><![CDATA[des:SELECT * FROM user_tables]]></DESCRIPTION>
                </TECHNOLOGY>
              </TECHNOLOGIES>
              <REFERENCE_LIST/>
            </USER_DEFINED_CONTROL>
...
  </RESPONSE>
</POLICY_EXPORT_OUTPUT>


Sample - Export Policy for File Content Check 
API request: 


curl -u "username:password" -H "Content-type: text/xml" -X "POST" \
-d "action=export&id=17589611&show_user_controls=1" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/" > FCCWin_Policy_Export.xml


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_export_output.dtd">
<POLICY_EXPORT_OUTPUT>
  <RESPONSE>
    <DATETIME>2019-10-14T21:21:45Z</DATETIME>
    <POLICY>
      <TITLE><![CDATA[SamplePolicyWithFileContentSearchUDCs]]></TITLE>
      <EXPORTED><![CDATA[2019-10-14T21:21:45Z]]></EXPORTED>
      <COVER_PAGE><![CDATA[]]></COVER_PAGE>
      <STATUS><![CDATA[active]]></STATUS>
      <TECHNOLOGIES total="1">
        <TECHNOLOGY>
          <ID>75</ID>
          <NAME>Windows Server 2012 R2</NAME>
        </TECHNOLOGY>
      </TECHNOLOGIES>
      <SECTIONS total="1">
        <SECTION>
          <NUMBER>1</NUMBER>
          <HEADING><![CDATA[Untitled]]></HEADING>
          <CONTROLS total="3">
            <USER_DEFINED_CONTROL>
              <ID>100006</ID>
              <UDC_ID>98e7dde1-412d-4a95-8262-b7bd168ebad8</UDC_ID>
              <CHECK_TYPE>Windows File Content Check</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <CATEGORY>
                <ID>8</ID>
                <NAME><![CDATA[Database Settings]]></NAME>
              </CATEGORY>
              <SUB_CATEGORY>
                <ID>1044</ID>
                <NAME><![CDATA[DB Access Controls]]></NAME>
              </SUB_CATEGORY>
              <STATEMENT><![CDATA[Windows_FCC_Use_Reg]]></STATEMENT>
              <CRITICALITY>
                <LABEL><![CDATA[min]]></LABEL>
                <VALUE>1</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[]]></COMMENT>
              <USE_AGENT_ONLY>0</USE_AGENT_ONLY>
              <AUTO_UPDATE>0</AUTO_UPDATE>
              <IGNORE_ERROR>0</IGNORE_ERROR>
              <IGNORE_ITEM_NOT_FOUND>0</IGNORE_ITEM_NOT_FOUND>
              <SCAN_PARAMETERS>
                <PATH_TYPE><![CDATA[Use Registry key]]></PATH_TYPE>
                <REG_HIVE><![CDATA[HKEY_CLASSES_ROOT (HKCR)]]></REG_HIVE>
                <REG_KEY><![CDATA[TestKeyNuser]]></REG_KEY>
                <REG_VALUE_NAME><![CDATA[preName]]></REG_VALUE_NAME>
                <FILE_PATH><![CDATA[]]></FILE_PATH>
                <FILE_QUERY><![CDATA[.*]]></FILE_QUERY>
                <DATA_TYPE>String List</DATA_TYPE>
                <DESCRIPTION><![CDATA[reg key]]></DESCRIPTION>
              </SCAN_PARAMETERS>
              <TECHNOLOGIES total="1">
                <TECHNOLOGY>
                  <ID>75</ID>
                  <NAME>Windows Server 2012 R2</NAME>
                  <EVALUATE><CTRL><DP><K>custom.win_file_content_check.1007110</K><L>0</L>
<CD>contains</CD><OP>xre</OP><V><![CDATA[.*]]></V></DP></CTRL></EVALUATE>
                  <RATIONALE><![CDATA[rationale]]></RATIONALE>
                  <DATAPOINT>
                    <CARDINALITY>contains</CARDINALITY>
                    <OPERATOR>xre</OPERATOR>
                    <DEFAULT_VALUES total="1">
                      <DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
                    </DEFAULT_VALUES>
                  </DATAPOINT>
                </TECHNOLOGY>
              </TECHNOLOGIES>
              <REFERENCE_LIST/>
            </USER_DEFINED_CONTROL>
            <USER_DEFINED_CONTROL>
              <ID>100000</ID>
              <UDC_ID>b24df689-0714-7045-833a-987f04cdab15</UDC_ID>
              <CHECK_TYPE>Windows File Content Check</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <CATEGORY>
                <ID>3</ID>
                <NAME><![CDATA[Access Control Requirements]]></NAME>
              </CATEGORY>
              <SUB_CATEGORY>
                <ID>1010</ID>
                <NAME><![CDATA[Account Creation/User Management]]></NAME>
              </SUB_CATEGORY>
              <STATEMENT><![CDATA[preFCCUDC]]></STATEMENT>
              <CRITICALITY>
                <LABEL><![CDATA[min]]></LABEL>
                <VALUE>1</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[]]></COMMENT>
              <USE_AGENT_ONLY>0</USE_AGENT_ONLY>
              <AUTO_UPDATE>0</AUTO_UPDATE>
              <IGNORE_ERROR>0</IGNORE_ERROR>
              <IGNORE_ITEM_NOT_FOUND>0</IGNORE_ITEM_NOT_FOUND>
              <SCAN_PARAMETERS>
                <PATH_TYPE><![CDATA[Use file search]]></PATH_TYPE>
                <FILE_QUERY><![CDATA[QWEB*]]></FILE_QUERY>
                <BASE_DIR><![CDATA[c:\]]></BASE_DIR>
                <DEPTH_LIMIT><![CDATA[3]]></DEPTH_LIMIT>
                <FILE_NAME_MATCH><![CDATA[preTest2.txt]]></FILE_NAME_MATCH>
                <FILE_NAME_SKIP><![CDATA[]]></FILE_NAME_SKIP>
                <DIR_NAME_MATCH><![CDATA[*]]></DIR_NAME_MATCH>
                <DIR_NAME_SKIP><![CDATA[]]></DIR_NAME_SKIP>
                <TIME_LIMIT><![CDATA[300]]></TIME_LIMIT>
                <MATCH_LIMIT><![CDATA[50]]></MATCH_LIMIT>
                <DATA_TYPE>String List</DATA_TYPE>
                <DESCRIPTION><![CDATA[FileContentChech]]></DESCRIPTION>
              </SCAN_PARAMETERS>
              <TECHNOLOGIES total="1">
                <TECHNOLOGY>
                  <ID>75</ID>
                  <NAME>Windows Server 2012 R2</NAME>
                  <EVALUATE><CTRL><DP><K>custom.win_file_content_check.1007020</K><L>0</L>
<CD>contains</CD><OP>xre</OP><V><![CDATA[true]]></V></DP></CTRL></EVALUATE>
                  <RATIONALE><![CDATA[rationale]]></RATIONALE>
                  <DATAPOINT>
                    <CARDINALITY>contains</CARDINALITY>
                    <OPERATOR>xre</OPERATOR>
                    <DEFAULT_VALUES total="1">
                      <DEFAULT_VALUE><![CDATA[true]]></DEFAULT_VALUE>
                    </DEFAULT_VALUES>
                  </DATAPOINT>
                </TECHNOLOGY>
              </TECHNOLOGIES>
              <REFERENCE_LIST/>
            </USER_DEFINED_CONTROL>
            <USER_DEFINED_CONTROL>
              <ID>100026</ID>
              <UDC_ID>d908b3f9-59f9-fb70-801c-29d04fb12511</UDC_ID>
              <CHECK_TYPE>Windows File Content Check</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <CATEGORY>
                <ID>3</ID>
                <NAME><![CDATA[Access Control Requirements]]></NAME>
              </CATEGORY>
              <SUB_CATEGORY>
                <ID>1010</ID>
                <NAME><![CDATA[Account Creation/User Management]]></NAME>
              </SUB_CATEGORY>
              <STATEMENT><![CDATA[pre fcc file path regexwith$]]></STATEMENT>
              <CRITICALITY>
                <LABEL><![CDATA[min]]></LABEL>
                <VALUE>1</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[]]></COMMENT>
              <USE_AGENT_ONLY>0</USE_AGENT_ONLY>
              <AUTO_UPDATE>0</AUTO_UPDATE>
              <IGNORE_ERROR>0</IGNORE_ERROR>
              <IGNORE_ITEM_NOT_FOUND>0</IGNORE_ITEM_NOT_FOUND>
              <SCAN_PARAMETERS>
                <PATH_TYPE><![CDATA[Use file path]]></PATH_TYPE>
                <FILE_PATH><![CDATA[C:\user\PreTest\pretestfilel.txt]]></FILE_PATH>
                <FILE_QUERY><![CDATA[pre\$]]></FILE_QUERY>
                <DATA_TYPE>String List</DATA_TYPE>
                <DESCRIPTION><![CDATA[pre\$]]></DESCRIPTION>
              </SCAN_PARAMETERS>
              <TECHNOLOGIES total="1">
                <TECHNOLOGY>
                  <ID>75</ID>
                  <NAME>Windows Server 2012 R2</NAME>
                  <EVALUATE><CTRL><DP><K>custom.win_file_content_check.1008003</K><L>0</L>
<CD>contains</CD><OP>xre</OP><V><![CDATA[.*]]></V></DP></CTRL></EVALUATE>
                  <RATIONALE><![CDATA[ration]]></RATIONALE>
                  <DATAPOINT>
                    <CARDINALITY>contains</CARDINALITY>
                    <OPERATOR>xre</OPERATOR>
                    <DEFAULT_VALUES total="1">
                      <DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
                    </DEFAULT_VALUES>
                  </DATAPOINT>
                </TECHNOLOGY>
              </TECHNOLOGIES>
              <REFERENCE_LIST/>
            </USER_DEFINED_CONTROL>
          </CONTROLS>
        </SECTION>
      </SECTIONS>
    </POLICY>
  </RESPONSE>
</POLICY_EXPORT_OUTPUT>


Sample - Export policy with UDCs into XML file showing remediation information 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
-d "action=export&id=1801961&show_user_controls=1" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_export_output.dtd">
<POLICY_EXPORT_OUTPUT>
  <RESPONSE>
    <DATETIME>2020-04-22T16:47:24Z</DATETIME>
    <POLICY>
      <TITLE><![CDATA[RHEL 8]]></TITLE>
      <EXPORTED><![CDATA[2020-04-22T16:47:24Z]]></EXPORTED>
      <COVER_PAGE><![CDATA[]]></COVER_PAGE>
      <STATUS><![CDATA[active]]></STATUS>
      <TECHNOLOGIES total="1">
        <TECHNOLOGY>
          <ID>217</ID>
          <NAME>Red Hat Enterprise Linux 8.x</NAME>
        </TECHNOLOGY>
      </TECHNOLOGIES>
      <SECTIONS total="2">
...
        <SECTION>
          <NUMBER>2</NUMBER>
          <HEADING><![CDATA[UDC]]></HEADING>
          <CONTROLS total="6">
            <USER_DEFINED_CONTROL>
              <ID>100028</ID>
              <UDC_ID>c50922a1-1482-df3f-83e2-bb96c99ffc48</UDC_ID>
              <CHECK_TYPE>Unix File/Directory Permission</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <CATEGORY>
                <ID>3</ID>
                <NAME><![CDATA[Access Control Requirements]]></NAME>
              </CATEGORY>
              <SUB_CATEGORY>
                <ID>1007</ID>
                <NAME><![CDATA[Authentication/Passwords]]></NAME>
              </SUB_CATEGORY>
              <STATEMENT><![CDATA[Basic File/Directory Permission-UNIX-RHEL 8]]></STATEMENT>
              <CRITICALITY>
                <LABEL><![CDATA[SERIOUS]]></LABEL>
                <VALUE>3</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[Basic File/Directory Permission]]></COMMENT>
              <USE_AGENT_ONLY>0</USE_AGENT_ONLY>
              <AUTO_UPDATE>0</AUTO_UPDATE>
              <IGNORE_ERROR>0</IGNORE_ERROR>
              <IGNORE_ITEM_NOT_FOUND>0</IGNORE_ITEM_NOT_FOUND>
              <SCAN_PARAMETERS>
                <FILE_PATH><![CDATA[/etc/profile]]></FILE_PATH>
                <DATA_TYPE>String</DATA_TYPE>
                <DESCRIPTION><![CDATA[File/Directory Permission]]></DESCRIPTION>
              </SCAN_PARAMETERS>
              <TECHNOLOGIES total="1">
                <TECHNOLOGY>
                  <ID>217</ID>
                  <NAME>Red Hat Enterprise Linux 8.x</NAME>
                  <EVALUATE><CTRL><DP><K>custom.file_permission.1007079</K><OP>re</OP>
<V><![CDATA[.*]]></V></DP></CTRL></EVALUATE>
                  <RATIONALE><![CDATA[Basic File/Directory Permission-UNIX]]></RATIONALE>
                  <REMEDIATION><![CDATA[]]></REMEDIATION>
                  <DATAPOINT>
                    <CARDINALITY>no cd</CARDINALITY>
                    <OPERATOR>re</OPERATOR>
                    <DEFAULT_VALUES total="1">
                      <DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
                    </DEFAULT_VALUES>
                  </DATAPOINT>
                </TECHNOLOGY>
              </TECHNOLOGIES>
              <REFERENCE_LIST/>
            </USER_DEFINED_CONTROL>
            <USER_DEFINED_CONTROL>
              <ID>100029</ID>
              <UDC_ID>9da2c628-fb7d-50cf-8230-6f3ff59172a8</UDC_ID>
              <CHECK_TYPE>Unix File/Directory Existence</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <CATEGORY>
                <ID>3</ID>
                <NAME><![CDATA[Access Control Requirements]]></NAME>
              </CATEGORY>
              <SUB_CATEGORY>
                <ID>1007</ID>
                <NAME><![CDATA[Authentication/Passwords]]></NAME>
              </SUB_CATEGORY>
              <STATEMENT><![CDATA[Basic File/Directory Existence-UNIX-RHEL 8]]></STATEMENT>
              <CRITICALITY>
                <LABEL><![CDATA[SERIOUS]]></LABEL>
                <VALUE>3</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[File/Directory Existence -]]></COMMENT>
              <USE_AGENT_ONLY>0</USE_AGENT_ONLY>
              <AUTO_UPDATE>0</AUTO_UPDATE>
              <IGNORE_ERROR>0</IGNORE_ERROR>
              <IGNORE_ITEM_NOT_FOUND>0</IGNORE_ITEM_NOT_FOUND>
              <SCAN_PARAMETERS>
                <FILE_PATH><![CDATA[/etc/profile]]></FILE_PATH>
                <DATA_TYPE>Boolean</DATA_TYPE>
                <DESCRIPTION><![CDATA[test]]></DESCRIPTION>
              </SCAN_PARAMETERS>
              <TECHNOLOGIES total="1">
                <TECHNOLOGY>
                  <ID>217</ID>
                  <NAME>Red Hat Enterprise Linux 8.x</NAME>
                  <EVALUATE><CTRL><DP><K>custom.file_dir_exist.1007080</K><L>2</L>
<V>false</V></DP></CTRL></EVALUATE>
                  <RATIONALE><![CDATA[File/Directory Existence-this is in rationale section under default
value]]></RATIONALE>
                  <REMEDIATION><![CDATA[]]></REMEDIATION>
                  <DATAPOINT>
                    <CARDINALITY>no cd</CARDINALITY>
                    <OPERATOR>no op</OPERATOR>
                    <DEFAULT_VALUES total="1">
                      <DEFAULT_VALUE>true</DEFAULT_VALUE>
                    </DEFAULT_VALUES>
                  </DATAPOINT>
                </TECHNOLOGY>
              </TECHNOLOGIES>
              <REFERENCE_LIST/>
            </USER_DEFINED_CONTROL>
...
        </SECTION>
      </SECTIONS>
    </POLICY>
  </RESPONSE>
</POLICY_EXPORT_OUTPUT>


Sample: Export policy with Unix File Content Controls when Evaluate as string is 
enabled 


API Request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST \
-d "action=export&id=3721621&show_user_controls=1" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/"


XML Output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_export_output.dtd">
<POLICY_EXPORT_OUTPUT>
  <RESPONSE>
    <DATETIME>2021-04-06T11:56:11Z</DATETIME>
    <POLICY>
      <TITLE><![CDATA[Multiline CHeck Oracle asset]]></TITLE>
      <EXPORTED><![CDATA[2021-04-06T11:56:11Z]]></EXPORTED>
      <COVER_PAGE><![CDATA[]]></COVER_PAGE>
      <STATUS><![CDATA[active]]></STATUS>
      <TECHNOLOGIES total="2">
        <TECHNOLOGY>
          <ID>79</ID>
          <NAME>Oracle Enterprise Linux 7.x</NAME>
...
              <CRITICALITY>
                <LABEL><![CDATA[URGENT]]></LABEL>
                <VALUE>5</VALUE>
              </CRITICALITY>
              <COMMENT><![CDATA[FC UDC]]></COMMENT>
              <USE_AGENT_ONLY>0</USE_AGENT_ONLY>
              <AUTO_UPDATE>0</AUTO_UPDATE>
              <IGNORE_ERROR>1</IGNORE_ERROR>
              <IGNORE_ITEM_NOT_FOUND>1</IGNORE_ITEM_NOT_FOUND>
              <SCAN_PARAMETERS>
                <FILE_PATH><![CDATA[/home/testscan/samram]]></FILE_PATH>
                <FILE_QUERY><![CDATA[.*]]></FILE_QUERY>
                <DATA_TYPE>Line List</DATA_TYPE>
                <EVALUATE_AS_STRING>1</EVALUATE_AS_STRING>
                <DESCRIPTION><![CDATA[New option enabled with line list]]></DESCRIPTION>
              </SCAN_PARAMETERS>
              <TECHNOLOGIES total="2">
                <TECHNOLOGY>
                  <ID>79</ID>
                  <NAME>Oracle Enterprise Linux 7.x</NAME>
...

DTD 
<platform API server>/api/2/fo/compliance/policy/policy_export_output.dtd 
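
The following Python sketch is an added example, not code from the Qualys guide. It reads an exported policy, lists the user-defined controls whose settings can mask a failing check, and removes the APPENDIX section before re-import, as the XML comment in the appendix sample instructs. The XML is constructed for illustration; the placement of APPENDIX inside POLICY and the reading of IGNORE_ERROR with ERROR_SET_STATUS (inferred from the element names) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the export samples above (not real account data).
SAMPLE_EXPORT = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_EXPORT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_export_output.dtd">
<POLICY_EXPORT_OUTPUT>
  <RESPONSE>
    <DATETIME>2021-01-01T00:00:00Z</DATETIME>
    <POLICY>
      <TITLE><![CDATA[Constructed policy]]></TITLE>
      <SECTIONS total="1">
        <SECTION>
          <NUMBER>1</NUMBER>
          <HEADING><![CDATA[Untitled]]></HEADING>
          <CONTROLS total="2">
            <USER_DEFINED_CONTROL>
              <ID>100001</ID>
              <CHECK_TYPE>Oracle Database Check</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <IGNORE_ERROR>1</IGNORE_ERROR>
              <ERROR_SET_STATUS>PASS</ERROR_SET_STATUS>
            </USER_DEFINED_CONTROL>
            <USER_DEFINED_CONTROL>
              <ID>100002</ID>
              <CHECK_TYPE>Unix Directory Search Check</CHECK_TYPE>
              <IS_CONTROL_DISABLE><![CDATA[0]]></IS_CONTROL_DISABLE>
              <USE_AGENT_ONLY>1</USE_AGENT_ONLY>
              <AUTO_UPDATE>0</AUTO_UPDATE>
              <IGNORE_ERROR>0</IGNORE_ERROR>
            </USER_DEFINED_CONTROL>
          </CONTROLS>
        </SECTION>
      </SECTIONS>
      <APPENDIX>
        <OP_ACRONYMS><OP id="re">regular expression</OP></OP_ACRONYMS>
      </APPENDIX>
    </POLICY>
  </RESPONSE>
</POLICY_EXPORT_OUTPUT>
"""

APPENDIX_RE = re.compile(r"[ \t]*<APPENDIX>.*?</APPENDIX>[ \t]*\r?\n?", re.DOTALL)


def _text(node, tag):
    """Return the stripped text of a direct child element, or '' if absent."""
    child = node.find(tag)
    return (child.text or "").strip() if child is not None else ""


def audit_udcs(xml_text):
    """List user-defined controls whose settings can hide a failing check."""
    # The stdlib parser reads the DOCTYPE line but does not fetch the remote DTD.
    root = ET.fromstring(xml_text)
    report = []
    for udc in root.iter("USER_DEFINED_CONTROL"):
        findings = []
        if _text(udc, "IS_CONTROL_DISABLE") == "1":
            findings.append("control disabled")
        if _text(udc, "IGNORE_ERROR") == "1":
            status = _text(udc, "ERROR_SET_STATUS") or "unspecified"
            findings.append(f"errors ignored, status set to {status}")
        if _text(udc, "AUTO_UPDATE") == "1":
            findings.append("expected value auto-updates")
        if _text(udc, "USE_AGENT_ONLY") == "1":
            findings.append("agent scan only")
        if findings:
            report.append({"id": _text(udc, "ID"),
                           "check_type": _text(udc, "CHECK_TYPE"),
                           "findings": findings})
    return report


def strip_appendix(xml_text):
    """Remove the APPENDIX element so the export can be used for import.

    Text-level removal keeps the DOCTYPE and CDATA sections unchanged; the
    result is parsed again to confirm it is well-formed and appendix-free.
    """
    stripped = APPENDIX_RE.sub("", xml_text)
    if ET.fromstring(stripped).find(".//APPENDIX") is not None:
        raise ValueError("APPENDIX element still present")
    return stripped


if __name__ == "__main__":
    for row in audit_udcs(SAMPLE_EXPORT):
        print(row["id"], row["check_type"], "; ".join(row["findings"]))
    print(strip_appendix(SAMPLE_EXPORT))
```
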
Compliance Policy - Import
/api/2.0/fo/compliance/policy/?action=import 


[POST] 


Import a compliance policy, defined in an XML file, into your account. We'll include all the 
service-provided controls from your XML file. You have the option to also include user- 
defined controls. 


Permissions - If you’re not a Manager, the permission to Manage PC module must be 
turned on in your account. 


Input Parameters


Parameter                    Description
action=import                (Required)
echo_request={0|1}           (Optional) Show (echo) the request’s input parameters (names
                             and values) in the XML output. When not specified, parameters
                             are not included in the XML output. Specify 1 to view parameters
                             in the XML output.
xml_file                     (Required) The file containing the policy details.
title={value}                (Required) The title of the new policy.
create_user_controls={0|1}   (Optional) When not specified, user-defined controls are not
                             created when you import a policy. Specify 1 to include UDCs from
                             the XML file.


Sample - Import policy 


API request: 
curl -H "X-Requested-With: Curl Sample" -H "Content-type: text/xml" \
--data-binary @policy.xml -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=import&title=My+Policy"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2017-09-15T21:32:40Z</DATETIME>
    <TEXT>Successfully imported compliance policy</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
      <ITEM>
        <KEY>TITLE</KEY>
        <VALUE>My Policy</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Sample - Import policy with UDCs having remediation information using xml file 


API request: 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -H \
Content-Type:text/xml --data-binary \
"@UDC with Remedy 20200422.xml" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=import&title=Policy1&create_user_controls=1"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2020-04-22T22:51:16Z</DATETIME>
    <TEXT>Successfully imported compliance policy</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1867541</VALUE>
      </ITEM>
      <ITEM>
        <KEY>TITLE</KEY>
        <VALUE>Policy1</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
Compliance Policy - Merge
/api/2.0/fo/compliance/policy/?action=merge 


[POST] 


Merge (combine) 2 or more compliance policies using Qualys Policy Compliance (PC). You 
can choose to merge some or all parts of a new policy into an existing one. Also you can 
preview merge changes before saving them. This API is available to Managers and 
Auditors. 


For example, say you imported a policy from our library (Policy A) and configured it to add 
asset groups, controls and sections. Later we might release an updated version of this 
policy (Policy B) with new controls and technologies. In this scenario you can use the Policy 
Merge API to add the new controls and technologies from Policy B into Policy A (your 
existing policy) without losing the asset groups, controls and sections you added. 


Input Parameters 


The policy merge input parameters give you flexibility with merging different parts of a 
new policy (Policy B) into an existing one (Policy A). For example you can choose to update 
controls with newer definitions, replace asset groups, and add new technologies and 
controls. By default no changes are applied to your existing policy unless parameters are 
specified (see below). 


Parameter                    Description
action=merge                 (Required)
id={value}                   (Required) The ID of the policy that will be updated with merged
                             content (let’s call this Policy A).
merge_policy_id={value}      (Required) Tell us the policy with the content that will be merged
  -or-                       into Policy A (let’s call this Policy B). You can specify a policy ID
policy XML data              using “merge_policy_id” or policy XML data. To upload XML data,
                             use this syntax: --data-binary @path_to_xml_file.xml

                             These options are mutually exclusive: policy XML data and
                             replace_asset_groups.
replace_cover_page={0|1}     (Optional) Set replace_cover_page=1 to replace the cover page in
                             Policy A with the cover page in Policy B.
replace_asset_groups={0|1}   (Optional) Set replace_asset_groups=1 to replace asset groups in
                             Policy A with asset groups in Policy B.

                             These options are mutually exclusive: add_asset_groups and
                             replace_asset_groups.
add_asset_groups={0|1}       (Optional) Set add_asset_groups=1 to add new asset groups, i.e.
                             add asset groups from Policy B if they are not already present in
                             Policy A.
add_new_technologies={0|1}   (Optional) Set add_new_technologies=1 to add new technologies,
                             i.e. add technologies from Policy B if they are not already in
                             Policy A.
add_new_controls={0|1}       (Optional) Set add_new_controls=1 to add new controls, i.e. add
                             controls from Policy B if they are not already in Policy A.
update_section_heading={0|1} (Optional) Set update_section_heading=1 to replace the section
                             heading in Policy A with the one in Policy B, based on section
                             number (applies only to common sections).

                             This parameter must be specified with: add_new_controls or
                             update_existing_controls.
update_existing_controls={0|1}
                             (Optional) Set update_existing_controls=1 to replace the common
                             controls in Policy A with the ones in Policy B. These are controls
                             that exist in both policies. (Controls will not be removed).
preview_merge={0|1}          (Optional) Set preview_merge=1 to view the changes merged into
                             Policy A without saving them.


DTD


<platform API server>/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd


Policy Merge Request 1 - preview merged policy 


Policy ID 15993 (Policy A) will be updated with content merged from policy ID 15994 (Policy 
B) and the XML output will show the merged policy in preview mode. Policy changes will 
not be saved in Policy 15993 since the request includes “preview_merge=1”. 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=merge&id=15993&merge_policy_id=15994&replace_cover_page=1&add_new_asset_groups=1&add_new_technologies=1&update_section_heading=1&add_new_controls=1&update_existing_controls=1&preview_merge=1"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_MERGE_RESULT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd">
<POLICY_MERGE_RESULT_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-04-24T05:28:04Z</DATETIME>
    <POLICY_MERGE_RESULT>
      <NOTE>Policy changes were not merged or saved since the
request had preview_merge=1.</NOTE>
      <NEW_COVER_PAGE><![CDATA[My Cover Page]]></NEW_COVER_PAGE>
      <ASSET_GROUPS_ADDED>
        <ASSET_GROUP>
          <ID>424422</ID>
          <NAME><![CDATA[<script>alert("xss");</script>]]></NAME>
        </ASSET_GROUP>
        <ASSET_GROUP>
          <ID>424577</ID>
          <NAME><![CDATA[10.10.32.26]]></NAME>
        </ASSET_GROUP>
      </ASSET_GROUPS_ADDED>
      <TECHNOLOGIES_ADDED>
        <TECHNOLOGY>
          <ID>1</ID>
          <NAME>Windows XP desktop</NAME>
        </TECHNOLOGY>
      </TECHNOLOGIES_ADDED>
      <SECTIONS_UPDATED>
        <SECTION>
          <ID>1</ID>
          <HEADING><![CDATA[First section]]></HEADING>
        </SECTION>
        <SECTION>
          <ID>2</ID>
          <HEADING><![CDATA[Second section]]></HEADING>
        </SECTION>
      </SECTIONS_UPDATED>
      <SECTIONS>
        <SECTION>
          <ID>1</ID>
          <CONTROLS_UPDATED>
            <CONTROL>
              <ID>1061</ID>
            </CONTROL>
          </CONTROLS_UPDATED>
        </SECTION>
        <SECTION>
          <ID>2</ID>
          <CONTROLS_ADDED>
            <CONTROL>
              <ID>1045</ID>
            </CONTROL>
            <CONTROL>
              <ID>1048</ID>
            </CONTROL>
          </CONTROLS_ADDED>
        </SECTION>
      </SECTIONS>
    </POLICY_MERGE_RESULT>
  </RESPONSE>
</POLICY_MERGE_RESULT_OUTPUT>


Policy Merge Request 2 - save merged policy 


Policy ID 15993 (Policy A) will be updated with content merged from policy ID 15994 (Policy 
B). The merged policy will be saved in policy 15993. 


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=merge&id=15993&merge_policy_id=15994&replace_cover_page=1&add_new_asset_groups=1&add_new_technologies=1&update_section_heading=1&add_new_controls=1&update_existing_controls=1&preview_merge=0"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_MERGE_RESULT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd">
<POLICY_MERGE_RESULT_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-04-24T05:31:26Z</DATETIME>
    <POLICY_MERGE_RESULT>
      <NOTE>Policy changes have been merged successfully.</NOTE>
      <NEW_COVER_PAGE><![CDATA[My Cover Page]]></NEW_COVER_PAGE>
      <ASSET_GROUPS_ADDED>
        <ASSET_GROUP>
          <ID>424422</ID>
...
    </POLICY_MERGE_RESULT>
  </RESPONSE>
</POLICY_MERGE_RESULT_OUTPUT>


Policy Merge Request 3 - pass policy XML, preview merged policy 


Policy ID 15993 (Policy A) will be updated with content merged from the policy defined in 
the file “path_to_policy_xml_file.xml”. The merged changes will not be saved in policy
15993 since the request includes “preview_merge=1”. 


API request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -H "Content-type: text/xml" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=merge&id=15993&replace_cover_page=1&replace_asset_groups=1&add_new_technologies=1&update_section_heading=1&add_new_controls=1&update_existing_controls=1&preview_merge=1" \
--data-binary @/home/aamin/PC_XML/path_to_policy_xml_file.xml


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_MERGE_RESULT_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd">
<POLICY_MERGE_RESULT_OUTPUT>
  <RESPONSE>
    <DATETIME>2018-04-24T05:38:26Z</DATETIME>
    <POLICY_MERGE_RESULT>
      <NOTE>Policy changes were not merged or saved since the
request had preview_merge=1.</NOTE>
      <NEW_COVER_PAGE><![CDATA[My Cover Page]]></NEW_COVER_PAGE>
      <SECTIONS_UPDATED>
        <SECTION>
          <ID>1</ID>
          <HEADING><![CDATA[First section]]></HEADING>
        </SECTION>
        <SECTION>
          <ID>2</ID>
          <HEADING><![CDATA[Second section]]></HEADING>
        </SECTION>
      </SECTIONS_UPDATED>
      <SECTIONS>
        <SECTION>
          <ID>1</ID>
          <CONTROLS_UPDATED>
            <CONTROL>
              <ID>1061</ID>
            </CONTROL>
          </CONTROLS_UPDATED>
        </SECTION>
        <SECTION>
          <ID>2</ID>
          <CONTROLS_ADDED>
            <CONTROL>
              <ID>1045</ID>
            </CONTROL>
            <CONTROL>
              <ID>1048</ID>
            </CONTROL>
          </CONTROLS_ADDED>
        </SECTION>
      </SECTIONS>
    </POLICY_MERGE_RESULT>
  </RESPONSE>
</POLICY_MERGE_RESULT_OUTPUT>
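

The preview responses above can be turned into a change review before the same request is re-sent with preview_merge=0. The following is an added example, not code from this guide or from Qualys: it parses a POLICY_MERGE_RESULT_OUTPUT document, lists controls the merge would touch that are not on an approved list, and escapes every API-supplied name before it goes into an HTML report (the sample asset group name shows why). The function names, the approved-list idea and the report format are assumptions; the sample XML is constructed from the Request 1 output.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the Request 1 preview output shown above.
SAMPLE_PREVIEW = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_MERGE_RESULT_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd">
<POLICY_MERGE_RESULT_OUTPUT>
<RESPONSE>
<DATETIME>2018-04-24T05:28:04Z</DATETIME>
<POLICY_MERGE_RESULT>
<NOTE>Policy changes were not merged or saved since the request had preview_merge=1.</NOTE>
<NEW_COVER_PAGE><![CDATA[My Cover Page]]></NEW_COVER_PAGE>
<ASSET_GROUPS_ADDED>
<ASSET_GROUP><ID>424422</ID><NAME><![CDATA[<script>alert("xss");</script>]]></NAME></ASSET_GROUP>
<ASSET_GROUP><ID>424577</ID><NAME><![CDATA[10.10.32.26]]></NAME></ASSET_GROUP>
</ASSET_GROUPS_ADDED>
<TECHNOLOGIES_ADDED>
<TECHNOLOGY><ID>1</ID><NAME>Windows XP desktop</NAME></TECHNOLOGY>
</TECHNOLOGIES_ADDED>
<SECTIONS_UPDATED>
<SECTION><ID>1</ID><HEADING><![CDATA[First section]]></HEADING></SECTION>
<SECTION><ID>2</ID><HEADING><![CDATA[Second section]]></HEADING></SECTION>
</SECTIONS_UPDATED>
<SECTIONS>
<SECTION><ID>1</ID><CONTROLS_UPDATED><CONTROL><ID>1061</ID></CONTROL></CONTROLS_UPDATED></SECTION>
<SECTION><ID>2</ID><CONTROLS_ADDED><CONTROL><ID>1045</ID></CONTROL><CONTROL><ID>1048</ID></CONTROL></CONTROLS_ADDED></SECTION>
</SECTIONS>
</POLICY_MERGE_RESULT>
</RESPONSE>
</POLICY_MERGE_RESULT_OUTPUT>"""


def parse_merge_result(xml_bytes):
    """Turn a POLICY_MERGE_RESULT_OUTPUT document into a plain dict of changes."""
    root = ET.fromstring(xml_bytes)  # the parser does not fetch the external DTD
    result = root.find("RESPONSE/POLICY_MERGE_RESULT")
    if root.tag != "POLICY_MERGE_RESULT_OUTPUT" or result is None:
        raise ValueError("not a policy merge result document")

    def id_text_pairs(path, text_tag):
        return [(int(e.findtext("ID")), e.findtext(text_tag, ""))
                for e in result.findall(path)]

    changes = {
        "note": result.findtext("NOTE", ""),
        "new_cover_page": result.findtext("NEW_COVER_PAGE"),
        "asset_groups_added": id_text_pairs("ASSET_GROUPS_ADDED/ASSET_GROUP", "NAME"),
        "technologies_added": id_text_pairs("TECHNOLOGIES_ADDED/TECHNOLOGY", "NAME"),
        "sections_updated": id_text_pairs("SECTIONS_UPDATED/SECTION", "HEADING"),
        "controls_updated": {},   # section ID -> control IDs
        "controls_added": {},     # section ID -> control IDs
    }
    for section in result.findall("SECTIONS/SECTION"):
        section_id = int(section.findtext("ID"))
        for key, path in (("controls_updated", "CONTROLS_UPDATED/CONTROL"),
                          ("controls_added", "CONTROLS_ADDED/CONTROL")):
            ids = [int(c.findtext("ID")) for c in section.findall(path)]
            if ids:
                changes[key][section_id] = ids
    return changes


def unapproved_controls(changes, approved_control_ids):
    """Control IDs the merge would add or update that are not on the approved list."""
    touched = set()
    for key in ("controls_added", "controls_updated"):
        for ids in changes[key].values():
            touched.update(ids)
    return sorted(touched - set(approved_control_ids))


def html_report_rows(changes):
    """Render names for an HTML change report; every API string is escaped."""
    rows = []
    for label, key in (("Asset group added", "asset_groups_added"),
                       ("Technology added", "technologies_added"),
                       ("Section heading updated", "sections_updated")):
        for item_id, text in changes[key]:
            rows.append(f"<li>{label}: {item_id} {html.escape(text)}</li>")
    return rows


if __name__ == "__main__":
    preview = parse_merge_result(SAMPLE_PREVIEW)
    print(preview["note"])
    print("needs review:", unapproved_controls(preview, {1061, 1045}))
    print("\n".join(html_report_rows(preview)))
```
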
Compliance Policy - Manage Asset Tags
/api/2.0/fo/compliance/policy/ 
[POST] 


Add, remove, and set asset tags for a policy. You must have permission to modify the 
policy you want to update. 


Add asset tags to policy 

Use this action to add asset tags to the policy. When specified, we will check whether the 
asset tags specified in the request are already associated with the policy and only add the 
asset tags that are new to the policy. 


Parameter Description

action=add_asset_tags (Required)

id={value} (Required) Policy ID for the policy you want to update.

evaluate_now={0|1} (Optional) Specify evaluate_now=1 to immediately evaluate the
policy against assigned assets, and select the Evaluate Now
check box in the UI Policy Editor. When this check box is selected
we'll start policy evaluation each time you save changes to the
policy from the UI or API.

tag_include_selector={all|any} (Optional) Select “any” (the default) to include
hosts that match at least one of the selected tags. Select “all” to include
hosts that match all of the selected tags.

tag_exclude_selector={all|any} (Optional) Select “any” (the default) to exclude
hosts that match at least one of the selected tags. Select “all” to exclude
hosts that match all of the selected tags.

tag_set_by={id|name} (Optional) Specify “id” (the default) to select a tag set by
providing tag IDs. Specify “name” to select a tag set by providing tag names.

tag_set_include={tag id|name} (Optional) Specify a tag set to include. Hosts that
match these tags will be included. You identify the tag set by providing tag
name or IDs. Multiple entries are comma separated.

tag_set_exclude={tag id|name} (Optional) Specify a tag set to exclude. Hosts that
match these tags will be excluded. You identify the tag set by providing tag
name or IDs. Multiple entries are comma separated.


API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "id=4201701&tag_set_include=118766028&tag_include_selector=all" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=add_asset_tags"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2022-01-19T06:35:40Z</DATETIME>
    <TEXT>Compliance Policy successfully modified.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>4201701</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Removing asset tags from policy 


Use this action to remove asset tags from the policy. 


Parameter Description

action=remove_asset_tags (Required)

Note: With the remove_asset_tags action, you must set either
tag_set_include or tag_set_exclude parameter, or both the
parameters.

id={value} (Required) Policy ID for the policy you want to update.

evaluate_now={0|1} (Optional) Specify evaluate_now=1 to immediately evaluate the
policy against assigned assets, and select the Evaluate Now
check box in the UI Policy Editor. When this check box is selected
we'll start policy evaluation each time you save changes to the
policy from the UI or API.

tag_include_selector={all|any} (Optional) Select “any” (the default) to include
hosts that match at least one of the selected tags. Select “all” to include
hosts that match all of the selected tags.

tag_exclude_selector={all|any} (Optional) Select “any” (the default) to exclude
hosts that match at least one of the selected tags. Select “all” to exclude
hosts that match all of the selected tags.

tag_set_by={id|name} (Optional) Specify “id” (the default) to select a tag set by
providing tag IDs. Specify “name” to select a tag set by providing tag names.

tag_set_include={tag id|name} (Optional) Specify a tag set to include. Hosts that
match these tags will be included. You identify the tag set by providing tag
name or IDs. Multiple entries are comma separated.

tag_set_exclude={tag id|name} (Optional) Specify a tag set to exclude. Hosts that
match these tags will be excluded. You identify the tag set by providing tag
name or IDs. Multiple entries are comma separated.


API Request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "id=4201701&tag_set_include=118766028&tag_include_selector=all" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=remove_asset_tags"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2022-01-19T06:35:40Z</DATETIME>
    <TEXT>Compliance Policy successfully modified.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>4201701</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Set asset tags for policy 


Use this action to overwrite the asset tags for a policy. Any assigned asset tags not 
specified in the request will be removed from the policy. 


Parameter Description

action=set_asset_tags (Required)

id={value} (Required) Policy ID for the policy you want to update.

evaluate_now={0|1} (Optional) Specify evaluate_now=1 to immediately evaluate the
policy against assigned assets, and select the Evaluate Now
check box in the UI Policy Editor. When this check box is selected
we'll start policy evaluation each time you save changes to the
policy from the UI or API.

tag_include_selector={all|any} (Optional) Select “any” (the default) to include
hosts that match at least one of the selected tags. Select “all” to include
hosts that match all of the selected tags.

tag_exclude_selector={all|any} (Optional) Select “any” (the default) to exclude
hosts that match at least one of the selected tags. Select “all” to exclude
hosts that match all of the selected tags.

tag_set_by={id|name} (Optional) Specify “id” (the default) to select a tag set by
providing tag IDs. Specify “name” to select a tag set by providing tag names.

tag_set_include={tag id|name} (Optional) Specify a tag set to include. Hosts that
match these tags will be included. You identify the tag set by providing tag
name or IDs. Multiple entries are comma separated.

tag_set_exclude={tag id|name} (Optional) Specify a tag set to exclude. Hosts that
match these tags will be excluded. You identify the tag set by providing tag
name or IDs. Multiple entries are comma separated.


API Request:


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
-d "id=4201701&tag_set_include=118766028&tag_include_selector=all" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=set_asset_tags"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2022-01-19T06:28:30Z</DATETIME>
    <TEXT>Compliance Policy successfully modified.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>4201701</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
Compliance Policy - Manage Asset Groups
/api/2.0/fo/compliance/policy/ 
[POST] 


Add, remove and set asset groups for a policy. You must have permission to modify the 
policy you want to update. 


Add asset group IDs to policy 


Parameter Description 


action=add_asset_group_ids (Required)


id={value} Policy ID for the policy you want to update. 


asset_group_ids={value} Asset groups IDs for the asset groups you want to add to the 
policy specified in “id”. Multiple IDs are comma separated. Each 
asset group must have at least 1 assigned IP address. 


evaluate_now={0|1} (Optional) Specify evaluate_now=1 to immediately evaluate the 
policy against assigned assets, and select the Evaluate Now 
check box in the UI Policy Editor. When this check box is selected 
we'll start policy evaluation each time you save changes to the 
policy from the UI or API. 


API request:
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWD" -X POST \
-d "id=43400&asset_group_ids=649737,649736" \
"https://qualysapi.qualys.com//api/2.0/fo/compliance/policy/?action=add_asset_group_ids"


XML output:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2014-09-11T09:06:17Z</DATETIME>
    <TEXT>Compliance Policy successfully modified.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>43400</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
Remove asset group IDs from policy


Parameter Description

action=remove_asset_group_ids (Required)

id={value} Policy ID for the policy you want to update.

asset_group_ids={value} Asset groups IDs for the asset groups you want to delete
from the policy specified in “id”. Multiple IDs are comma separated.

evaluate_now={0|1} (Optional) Specify evaluate_now=1 to immediately evaluate the
policy against assigned assets, and select the Evaluate Now
check box in the UI Policy Editor. When this check box is selected
we'll start policy evaluation each time you save changes to the
policy from the UI or API.


API request:


curl -H "X-Requested-With: curl" -u "USERNAME:PASSWD" -X POST \
-d "id=43400&asset_group_ids=649737,649736" \
"https://qualysapi.qualys.com//api/2.0/fo/compliance/policy/?action=remove_asset_group_ids"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2014-09-11T09:06:17Z</DATETIME>
    <TEXT>Compliance Policy successfully modified.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>43400</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Set asset group IDs for policy


Use this action to reset the asset groups for a specified policy. Any assigned asset groups 
not specified in this request will be removed. 


Parameter Description 


action=set_asset_group_ids (Required) 


id={value} Policy ID for the policy you want to update. 


asset_group_ids={value} Asset groups IDs for the asset groups you want to assign to the 
policy specified in “id”. Multiple IDs are comma separated. Each 
asset group must have at least 1 assigned IP address. 


evaluate_now={0|1} (Optional) Specify evaluate_now=1 to immediately evaluate the
policy against assigned assets, and select the Evaluate Now check 
box in the UI Policy Editor. When this check box is selected we'll 
start policy evaluation each time you save changes to the policy 
from the UI or API. 


API request:
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWD" -X POST \
-d "id=43400&asset_group_ids=649737,649736" \
"https://qualysapi.qualys.com//api/2.0/fo/compliance/policy/?action=set_asset_group_ids"


XML output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2014-09-11T09:07:43Z</DATETIME>
    <TEXT>Compliance Policy successfully modified.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>43400</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


Compliance Posture Information


The Policy Compliance APIs help you gain the essential insight into the compliance 
posture of the hosts within your account. Qualys PC provides you with the following two 
types of APIs to fetch posture data: 


- PC Posture Information APIs 
- PC Posture Streaming APIs 


Depending on the size of your posture data, you may choose to use the PC Posture 
Information APIs or the PC Posture Streaming APIs. 


We recommend that you leverage the Posture Streaming APIs if you want to download
more than 1 million postures, as they provide you a faster way to retrieve larger amounts of
posture information. The Posture Streaming APIs also have the ability to filter data based
on the desired input entered by the user. If your posture information is expected to be less
than 1 million, use the PC Posture Information APIs.


Refer to the following KB article for recommendations on retrieving compliance posture
information:


Compliance Posture Data Retrieval Best Practices 


PC Posture Information APIs 
/api/2.0/fo/compliance/posture/info/?action=list 
[GET] [POST] 


Each compliance posture info record includes a compliance posture ID and other 
attributes. Optional input parameters support filtering the posture info record output. 


Each compliance posture info record in the output includes: 


Output Description

Compliance Posture ID The service assigns a unique value to each compliance posture
info record.

Host ID Identifies a host.

Control ID Identifies a technical control.

Technology ID Identifies a technology.

Instance Identifies a technology instance, when applicable.

Compliance Status Passed, Failed or Error. An error, only assigned to a custom
control, indicates control evaluation failed (and the ignore errors
configuration option for the control was not selected).

Evaluation Date The last posture evaluation date.

First Fail Date The first scan date when the control was reported as Fail. If the
previous status was Pass then this is the date the status changed
from Pass to Fail.

Last Fail Date The most recent scan date when the control was reported as Fail.

First Pass Date The first scan date when the control was reported as Pass. If the
previous status was Fail then this is the date the status changed
from Fail to Pass.

Last Pass Date The most recent scan date when the control was reported as Pass.

Previous Status The compliance status (Pass or Fail) for each control before the
most recent compliance scan.

Exception Identifies an exception assignee and status, if an exception has
been created.


The user has the ability to select the amount of information to include in the posture 
information output. By default, basic posture information is included: the posture ID, host 
ID, control ID, technology ID, technology instance (when applicable), and the compliance 
status. If an exception has been created, this full exception information is also included: 
the exception assignee and status, the date/time when the exception was created, when it 
was last modified, the user who took these actions on the exception, and the date when 
the exception is set to expire. A glossary of compliance posture information identifies: 
basic host information and basic control information. 


Use the details input parameter to select another level of detail to be included in the 
policy information output. 


By default, the posture information output shows posture information for all hosts
(IP addresses) in asset groups assigned to the selected policy, provided the user has
permission to view the hosts themselves. If you have a sub-account like a Unit Manager,
Scanner or Reader, the posture information output only includes hosts that the account
has permission to see.


Best Practices 


You can reduce the amount of data being retrieved by only pulling the data that is
required for the downstream processes. For example, only download the delta of the
changes in posture since the last pull. This can be done using optional input parameters
which allow you to set filters to restrict the posture information output to posture info
records with certain IP addresses, host IDs, compliance control IDs, compliance posture
IDs, posture info records with changes in status since a specified date, and posture info
records with a certain compliance status (Passed, Failed or Error).
The optional glossary in the compliance posture information output includes:


Output Description 


User List List of users who created, modified, or added comments to 
exceptions in compliance posture info records which are 
included in the posture information output. For a policy that was 
edited, the user who most recently edited the exception is listed. 


Host List List of hosts in compliance posture info records which are 
included in the posture information output. This basic host 
information is included: host ID, IP address, and tracking 
method. When details=All is specified, this additional 
information is included: last vulnerability scan date/time, last 
compliance scan date/time. 


Control List List of controls in compliance posture info records which are 
included in the posture information output. When details=All is 
specified, this additional information is included: rationale 
information and technology information for each control. 


Technology List List of technologies for controls in compliance posture info 
records which are included in the posture list output. This 
information is included only when details=All is specified. 


Evidence List List of evidence information for control data points. 


Maximum Postures per API Request 


The output of the Compliance Posture Info API is paginated when your API request 
identifies a single policy to report on using the “policy_id” input parameter. In this case, a 
maximum of 5,000 posture info records are returned per request by default. You can 
customize the page size (i.e. the number of posture info records) by using the parameter 
“truncation_limit=10000” for instance if you want to return pages with 10,000 records. 
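

A client-side paging loop for this behaviour, as an added example that is not code from this guide or from Qualys. It follows the next-batch URL the service returns in the <WARNING> element, downloads the next page while the current one is being processed, and refuses to send credentials to a next-batch URL that is not on the expected API host and path. Assumptions: the URL child element inside <WARNING>, the record element names in the constructed sample pages, and all function names.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET
from concurrent.futures import ThreadPoolExecutor
from urllib.parse import urlsplit

API_HOST = "qualysapi.qualys.com"  # API server used in this guide's sample requests
LIST_PATH = "/api/2.0/fo/compliance/posture/info/"


def make_fetcher(username, password):
    """Build fetch(url) -> bytes for real use (basic auth + X-Requested-With)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "X-Requested-With": "python"}

    def fetch(url):
        request = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(request, timeout=300) as response:
            return response.read()
    return fetch


def next_page_url(page_xml):
    """Return the next-batch URL from <WARNING>, or None on the last page."""
    root = ET.fromstring(page_xml)
    url = (root.findtext(".//WARNING/URL") or "").strip()  # URL child: assumption
    if not url:
        return None
    parts = urlsplit(url)
    # The credentials go wherever this URL points, so pin scheme, host and path.
    if (parts.scheme, parts.hostname, parts.path) != ("https", API_HOST, LIST_PATH):
        raise ValueError(f"unexpected next-page URL: {url!r}")
    return url


def download_postures(first_url, fetch, handle_page, max_pages=1000):
    """Fetch every page; page n+1 downloads while handle_page() works on page n."""
    pages = 0
    with ThreadPoolExecutor(max_workers=1) as pool:
        pending = pool.submit(fetch, first_url)
        while pending is not None:
            page_xml = pending.result()
            pages += 1
            following = next_page_url(page_xml)
            if following and pages >= max_pages:
                raise RuntimeError("page limit reached; stopping pagination")
            pending = pool.submit(fetch, following) if following else None
            handle_page(page_xml)  # runs while the next page is in flight
    return pages


# Constructed two-page response set. Element names other than WARNING are
# assumptions made for this example.
FIRST_URL = f"https://{API_HOST}{LIST_PATH}?action=list&policy_id=15993&truncation_limit=2"
SECOND_URL = FIRST_URL + "&id_min=103"
FAKE_PAGES = {
    FIRST_URL: (
        "<RESPONSE><INFO_LIST>"
        "<INFO><ID>101</ID><STATUS>Passed</STATUS></INFO>"
        "<INFO><ID>102</ID><STATUS>Failed</STATUS></INFO>"
        "</INFO_LIST><WARNING><URL><![CDATA[" + SECOND_URL + "]]></URL></WARNING>"
        "</RESPONSE>").encode(),
    SECOND_URL: (
        "<RESPONSE><INFO_LIST>"
        "<INFO><ID>103</ID><STATUS>Failed</STATUS></INFO>"
        "</INFO_LIST></RESPONSE>").encode(),
}


def demo():
    """Run the loop against the constructed pages and collect Failed posture IDs."""
    failed = []

    def handle_page(page_xml):
        for info in ET.fromstring(page_xml).iter("INFO"):
            if info.findtext("STATUS") == "Failed":
                failed.append(int(info.findtext("ID")))

    pages = download_postures(FIRST_URL, FAKE_PAGES.__getitem__, handle_page)
    return pages, failed


if __name__ == "__main__":
    print(demo())
```

For a live account, pass make_fetcher(username, password) as the fetch argument instead of the constructed page table.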


Permissions 


Note: The Posture Info API is available as part of one of the following subscription 
combinations only: 


- PC and API add-on 
- PC, SCA, and API add-on 
- VMDR, SCA, and API add-on 


All users have permission to view posture information for hosts (IP addresses) in asset
groups assigned to the selected policy, when the hosts are available to the user based on 
user account settings. 


User Role Permissions 


Manager View compliance postures for all hosts (IP addresses) in asset 
groups assigned to the selected policy. 


Auditor View compliance postures for all hosts (IP addresses) in asset 
groups assigned to the selected policy. 
Unit Manager View compliance postures for all hosts (IP addresses) in asset
groups assigned to the selected policy, when the hosts are
included in the user's business unit.


Scanner View compliance postures for all hosts (IP addresses) in asset 
groups assigned to the selected policy, when the hosts are 
included in the user's account. 


Reader View compliance postures for all hosts (IP addresses) in asset 
groups assigned to the selected policy, when the hosts are 
included in the user's account. 


User Permissions: Asset Group IPs 


All users have permission to view posture information for all hosts (IP addresses) in the 
asset groups assigned to the selected policy provided they have permission to view the 
hosts themselves. This permission is granted even when users do not have permission to 
view the asset groups assigned to the policy. 


For example, when a user makes a request for compliance posture information for “Policy 
A” and this policy has one assigned asset group “Hong Kong”, and the user does not have 
permission to view this asset group, then the user does have permission to view 
compliance posture info records for all the IP addresses in the asset group “Hong Kong” 
provided the IP addresses in the group “Hong Kong” are visible to the user. 
Parameter Description

action=list (Required)

policy_id={value} (policy_id or policy_ids is required) Show compliance posture
info records for a specified policy. A valid policy ID is required.

The parameters policy_id and policy_ids cannot be specified in
the same request.

policy_ids={value} (policy_id or policy_ids is required) Show compliance posture
info records for multiple policies - up to 10 policies may be
requested. Provide a comma-separated list of valid policy IDs.
(When this parameter is specified, all posture data is downloaded
and the “truncation_limit” parameter is invalid).

The parameters policy_id and policy_ids cannot be specified in
the same request. When policy_ids is specified, truncation_limit
is invalid. For CSV output, policy_id must be specified (and
policy_ids is invalid).

echo_request={0|1} (Optional) Show (echo) the request’s input parameters (names
and values) in the XML output. When not specified, parameters
are not included in the XML output. Specify 1 to view parameters
in the XML output.

output_format={value} (Optional) The output format. A valid value is: xml (default), csv
(posture data and metadata, i.e. summary and warning data),
csv_no_metadata (posture data only, no metadata). For CSV
output, you can include only one policy. For this reason, policy_id
is required.

details={Basic|All|None|Light} (Optional) Show a certain amount of information for each
compliance posture info record. A valid value is:

None - show posture info and minimum exception information
(assignee and status) if appropriate

Basic (default) - show posture info, full exception information if
appropriate, and a minimum glossary (basic info for hosts and
controls)

Light - show posture info, exception info if appropriate, and a
limited glossary (host info and last scan date/time, control ID,
and evidence info)

All - show posture info (including the percentage of controls that
passed for each host), exception info if appropriate, posture
summary (the number of assets, controls, and control instances
evaluated) and a glossary (host info and last scan date/time),
control info, technology info, evidence info

When hide_evidence=1 is specified in the same request as
details=All or details=Light, then evidence info will not be shown
in the output.

hide_evidence={0|1} (Optional when details=All or details=Light) Set to 1 to hide the
evidence information in the output. When set to 0 or unspecified,
evidence information is shown in the output.

show_extended_evidence={0|1} (Optional when details=All or details=Light) Set to 1 to show
extended evidence information in the output. When set to 0 or
when unspecified, extended evidence information is not shown
in the output. Note: You cannot specify
show_extended_evidence=1 in the same request as
hide_evidence=1. This will result in an error. Extended evidence is
a part of the evidence data and it's shown only when evidence
data is shown.

include_dp_name={value} (Optional) Show the name and ID for each data point in the XML
output. This is useful for uniquely identifying data points.

show_remediation_info={0|1} (Optional) Set to 1 to show remediation information in the XML or
CSV output. By default, the output does not include the
remediation information. When not specified, the remediation
information is not included in the output.

cause_of_failure={0|1} (Optional) Set flag to 1 to display the cause of failure of Directory
Integrity Monitoring UDCs (user defined controls). When set to 0
or unspecified, cause of failure is not displayed for these UDCs.
When set to 1 and Directory Integrity Monitoring UDC control
failed assessment, cause of failure info is shown in XML
response, i.e. added, removed directories, directories where
content changed, permissions changed etc.

truncation_limit={value} (Optional) The parameter is valid only when the API request is for
a single policy and the policy_id parameter is specified.

By default, a limit of 5,000 posture info records are returned per
request (when “policy_id” is specified). You may specify a value
less than the default (1-4999) or greater than the default (5001-
1000000) to configure the number records returned per request.

If the requested list identifies more records than the truncation
limit, then the XML output includes the <WARNING> element
and the URL for making another request for the next batch of
records.

You can specify truncation_limit=0 for no truncation limit. This
means that the output is not paginated and all the records are
returned in a single output. WARNING: This can generate very
large output and processing large XML files can consume a lot of
resources on the client side. In this case it is recommended to use
the pagination logic and parallel processing. The previous page
can be processed while the next page is being downloaded.

ips={value} (Optional) Show only compliance posture info records for
compliance hosts which have certain IP addresses/ranges. One or
more IP addresses/ranges may be specified. Multiple IPs/ranges
are comma separated.
host_ids={value}

(Optional) Show only compliance posture info records for compliance hosts which have certain host IDs and/or ID ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range entry is specified with a hyphen (for example, 123-125). Valid host IDs are required.

control_ids={value}

(Optional) Show only compliance posture info records for controls which have certain control IDs and/or ranges. One or more control IDs/ranges may be specified. Multiple entries are comma separated. A control ID range entry is specified with a hyphen (for example, 1200-1300). Valid control IDs are required.

ids={value}

(Optional) Show only compliance posture info records for certain compliance posture IDs and/or ID ranges. One or more posture IDs/ranges may be specified. Multiple entries are comma separated. A posture ID range entry is specified with a hyphen (for example, 1-10). Valid posture IDs are required.

id_min={value}

(Optional) Show only compliance posture info records which have a minimum ID value. A valid posture ID is required.

id_max={value}

(Optional) Show only compliance posture info records which have a maximum ID value. A valid posture ID is required.


status_changes_since={date}

(Optional) Show compliance posture info records when the compliance status was changed since a certain date and time (optional). If the policy itself was changed, a warning message is generated. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2008-05-01” or “2008-05-01T23:12:00Z”.

evaluation_date={date}

(Optional) Show compliance posture info records when the posture evaluation date is equal to or greater than a certain date and time (optional). The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2021-04-01” or “2021-04-01T23:12:00Z”.

asset_group_ids={value}

(Optional) Show only hosts in certain asset groups. Provide a comma-separated list of asset group IDs for the asset groups you want to download compliance posture data for. The asset groups specified do not need to be assigned to the one or more policies requested. Posture data will be returned as long as there are common hosts specified by “asset_group_ids” and asset groups that are assigned to the policies requested.

status={Passed|Failed|Error}

(Optional) Show only compliance posture info records which have a posture status of Passed, Failed or Error. By default, records with the status Passed, Failed and Error are listed.


criticality_labels={value} 


(Optional) Show only compliance posture info records for 
controls which have certain criticality labels. One or more 
criticality labels (e.g. SERIOUS, CRITICAL, URGENT) may be 
specified. Multiple entries are comma separated. 


Note - This parameter is not available to VMDR SCA customers 
using this API. This is because SCA customers do not have access 
to the Controls tab in the UI. 


The parameters criticality_labels and criticality_values cannot be 
specified in the same request. 


criticality_values={value} 


(Optional) Show only compliance posture info records for 
controls which have certain criticality values. One or more 
criticality values (0-5) may be specified. Multiple entries are 
comma separated. 


The parameters criticality_labels and criticality_values cannot be 
specified in the same request. 


tag_set_by={id|name}

(Optional) Specify “id” (the default) to select a tag set by providing tag IDs. Specify “name” to select a tag set by providing tag names.

tag_include_selector={all|any}

(Optional) Select “any” (the default) to include hosts that match at least one of the selected tags. Select “all” to include hosts that match all of the selected tags.

tag_exclude_selector={all|any}

(Optional) Select “any” (the default) to exclude hosts that match at least one of the selected tags. Select “all” to exclude hosts that match all of the selected tags.

tag_set_include={value}

(Optional) Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated.

tag_set_exclude={value}

(Optional) Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated.

filter_hosts={0|1}

(Optional) A Manager or Auditor user can specify filter_hosts=1 to improve performance. The API will skip calling the tag resolution service and directly check the host IDs for the policy. The default value is 0.


DTD 


<platform API server>/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd 
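The pagination described for truncation_limit above, as an added example (not Qualys code): it parses each page of posture info output, follows the next-batch URL carried by <WARNING>, and downloads the next page while the current one is being processed. The WARNING/URL child layout, the `fetch` callable, the `id_min` value in the next-batch URL and the sample pages are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET
from concurrent.futures import ThreadPoolExecutor
from urllib.parse import urlsplit

FIELDS = ("ID", "HOST_ID", "CONTROL_ID", "STATUS", "EVALUATION_DATE")
BASE = "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/"
DTD = BASE + "posture_info_list_output.dtd"


def parse_page(xml_bytes):
    """Parse one POSTURE_INFO_LIST_OUTPUT page into (records, next_url)."""
    root = ET.fromstring(xml_bytes)
    records = [{f: (info.findtext(f) or "").strip() for f in FIELDS}
               for info in root.iter("INFO")]
    # Assumption: the next-batch link is a URL child of a WARNING element.
    next_url = (root.findtext(".//WARNING/URL") or "").strip() or None
    return records, next_url


def same_origin_https(url, base):
    """Credentials are only re-sent to the original API host, over HTTPS."""
    u, b = urlsplit(url), urlsplit(base)
    return u.scheme == "https" and u.netloc == b.netloc


def iter_pages(first_url, fetch, max_pages=1000):
    """Yield each page's records; page N+1 downloads while page N is consumed."""
    with ThreadPoolExecutor(max_workers=1) as pool:
        pending = pool.submit(fetch, first_url)
        seen = {first_url}
        for _ in range(max_pages):
            records, next_url = parse_page(pending.result())
            pending = None
            if next_url:
                if next_url in seen or not same_origin_https(next_url, first_url):
                    raise ValueError("refusing next-batch URL: " + next_url)
                seen.add(next_url)
                pending = pool.submit(fetch, next_url)  # prefetch the next page
            yield records
            if pending is None:
                return
        raise RuntimeError("max_pages exceeded")


def failed_controls(first_url, fetch):
    """Map HOST_ID -> sorted CONTROL_IDs with STATUS Failed, across all pages."""
    failed = {}
    for records in iter_pages(first_url, fetch):
        for rec in records:
            if rec["STATUS"] == "Failed":
                failed.setdefault(rec["HOST_ID"], set()).add(rec["CONTROL_ID"])
    return {host: sorted(ctrls) for host, ctrls in failed.items()}


def make_page(rows, next_url=None):
    """Build a constructed response page (sample data, not real scan output)."""
    infos = "".join(
        "<INFO><ID>%s</ID><HOST_ID>%s</HOST_ID><CONTROL_ID>%s</CONTROL_ID>"
        "<STATUS>%s</STATUS><EVALUATION_DATE>%s</EVALUATION_DATE></INFO>" % row
        for row in rows)
    warning = ""
    if next_url:
        warning = ("<WARNING_LIST><WARNING><TEXT>truncation limit reached</TEXT>"
                   "<URL><![CDATA[%s]]></URL></WARNING></WARNING_LIST>" % next_url)
    doc = ('<?xml version="1.0" encoding="UTF-8" ?>\n'
           '<!DOCTYPE POSTURE_INFO_LIST_OUTPUT SYSTEM "%s">\n'
           "<POSTURE_INFO_LIST_OUTPUT><RESPONSE>"
           "<DATETIME>2021-04-07T21:59:40Z</DATETIME>"
           "<INFO_LIST>%s</INFO_LIST>%s</RESPONSE></POSTURE_INFO_LIST_OUTPUT>"
           % (DTD, infos, warning))
    return doc.encode("utf-8")


# Constructed two-page result set, as if truncation_limit=2 had been requested.
FIRST_URL = BASE + "?action=list&policy_id=3318470&truncation_limit=2"
NEXT_URL = FIRST_URL + "&id_min=10911453"
SAMPLE_PAGES = {
    FIRST_URL: make_page([
        ("10911451", "3077710", "1071", "Passed", "2021-04-05T20:36:21Z"),
        ("10911452", "3077710", "1113", "Failed", "2021-04-05T20:36:21Z"),
    ], NEXT_URL),
    NEXT_URL: make_page([
        ("10911479", "4640713", "1048", "Passed", "2021-03-05T21:35:00Z"),
    ]),
}


def fake_fetch(url):
    """Offline stand-in for the authenticated HTTPS request."""
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    print(failed_controls(FIRST_URL, fake_fetch))
```

In real use, `fetch` would be the authenticated HTTPS call and should return the raw response bytes.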


Sample - Posture Info filtered by evaluation date 


In this example, we're filtering the output by an evaluation date of 2021-03-05. The XML output will only include info records with an evaluation date equal to or greater than March 5, 2021.

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=list&policy_id=3318470&details=Basic&output_format=xml&evaluation_date=2021-03-05" "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/"


XML Response: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POSTURE_INFO_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd">
<POSTURE_INFO_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2021-04-07T21:59:40Z</DATETIME>
    <INFO_LIST>
      <INFO>
        <ID>10911451</ID>
        <HOST_ID>3077710</HOST_ID>
        <CONTROL_ID>1071</CONTROL_ID>
        <TECHNOLOGY_ID>43</TECHNOLOGY_ID>
        <INSTANCE></INSTANCE>
        <STATUS>Passed</STATUS>
        <POSTURE_MODIFIED_DATE>2020-11-03T07:12:32Z</POSTURE_MODIFIED_DATE>
        <EVALUATION_DATE>2021-04-05T20:36:21Z</EVALUATION_DATE>
        <PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
        <FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
        <LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
        <FIRST_PASS_DATE>2020-11-03T07:12:32Z</FIRST_PASS_DATE>
        <LAST_PASS_DATE>2021-04-05T20:36:22Z</LAST_PASS_DATE>
      </INFO>
      <INFO>
        <ID>10911452</ID>
        <HOST_ID>3077710</HOST_ID>
        <CONTROL_ID>1113</CONTROL_ID>
        <TECHNOLOGY_ID>43</TECHNOLOGY_ID>
        <INSTANCE></INSTANCE>
        <STATUS>Failed</STATUS>
        <POSTURE_MODIFIED_DATE>2020-11-03T07:12:32Z</POSTURE_MODIFIED_DATE>
        <EVALUATION_DATE>2021-04-05T20:36:21Z</EVALUATION_DATE>
        <PREVIOUS_STATUS>Failed</PREVIOUS_STATUS>
        <FIRST_FAIL_DATE>2020-11-03T07:12:32Z</FIRST_FAIL_DATE>
        <LAST_FAIL_DATE>2021-04-05T20:36:22Z</LAST_FAIL_DATE>
        <FIRST_PASS_DATE>N/A</FIRST_PASS_DATE>
        <LAST_PASS_DATE>N/A</LAST_PASS_DATE>
      </INFO>
      <INFO>
        <ID>10911479</ID>
        <HOST_ID>4640713</HOST_ID>
        <CONTROL_ID>1048</CONTROL_ID>
        <TECHNOLOGY_ID>21</TECHNOLOGY_ID>
        <INSTANCE></INSTANCE>
        <STATUS>Passed</STATUS>
        <POSTURE_MODIFIED_DATE>2020-11-03T07:12:33Z</POSTURE_MODIFIED_DATE>
        <EVALUATION_DATE>2021-03-05T21:35:00Z</EVALUATION_DATE>
        <PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
        <FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
        <LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
        <FIRST_PASS_DATE>2020-11-03T07:12:33Z</FIRST_PASS_DATE>
        <LAST_PASS_DATE>2021-03-05T21:35:00Z</LAST_PASS_DATE>
      </INFO>
      <INFO>
        <ID>10911480</ID>
        <HOST_ID>4640713</HOST_ID>
        <CONTROL_ID>1071</CONTROL_ID>
        <TECHNOLOGY_ID>21</TECHNOLOGY_ID>
        <INSTANCE></INSTANCE>
        <STATUS>Passed</STATUS>
        <POSTURE_MODIFIED_DATE>2020-11-03T07:12:33Z</POSTURE_MODIFIED_DATE>
        <EVALUATION_DATE>2021-03-05T21:35:00Z</EVALUATION_DATE>
        <PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
        <FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
        <LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
        <FIRST_PASS_DATE>2020-11-03T07:12:33Z</FIRST_PASS_DATE>
        <LAST_PASS_DATE>2021-03-05T21:35:00Z</LAST_PASS_DATE>
      </INFO>

Sample - Posture Info with Data Point Name 


Sample API request to uniquely identify Data Points using Name and ID. 


API request: 
curl -H "X-Requested-With: Curl" -u "USERNAME:PASSWORD" -d headers.15 "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/?action=list&policy_id=15472&details=All&include_dp_name=1"


XML Response: 
<DPD_LIST>
  <DPD>
    <LABEL>:dp_1</LABEL>
    <ID>136</ID>
    <NAME><![CDATA[Secman.system.clearpageonshut]]></NAME>
    <DESC><![CDATA[This Integer value <B>X</B> indicates the current status of the setting <B>Shutdown: Clear virtual memory pagefile</B> using the registry key path <B>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown</B>. A value of <B>0</B> indicates the setting is <B>Disabled</B>; a value of <B>1</B> indicates the setting is <B>Enabled</B>.]]></DESC>
  </DPD>
  <DPD>
    <LABEL>:dp_3</LABEL>
    <ID>1001035</ID>
    <NAME><![CDATA[custom.win_group_membership.1001035]]></NAME>
    <DESC><![CDATA[IIS IUSR]]></DESC>
  </DPD>


Sample - Posture Info with database controls 


This applies to database UDCs for Oracle, MSSQL, Sybase, PostgreSQL/Pivotal Greenplum, 
SAP IQ, and IBM DB2. 


When the Posture API output includes database controls, the values returned for the 
database controls are shown in a tabular format. You'll see these elements in the output: 
Header (H), Row (R) and Column (C). 


API request: 


curl -u "username:password" -H "Content-type: text/xml" -X "POST" -d "action=list&policy_id=1303776&details=All&include_dp_name=1" "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/" > PostureInfo.xml


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POSTURE_INFO_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd">
<POSTURE_INFO_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2019-05-03T19:24:32Z</DATETIME>
<INFO_LIST>
<INFO>
<DPV lastUpdated="2019-05-03T00:33:14Z">
  <LABEL>:dp_2</LABEL>
  <V>
    <H>
      <C><![CDATA[CustomerID]]></C>
      <C><![CDATA[CustomerName]]></C>
      <C><![CDATA[ContactName]]></C>
      <C><![CDATA[Address]]></C>
      <C><![CDATA[City]]></C>
      <C><![CDATA[PostalCode]]></C>
      <C><![CDATA[Country]]></C>
    </H>
    <R>
      <C><![CDATA[1]]></C>
      <C><![CDATA[Alfreds Futterkiste]]></C>
      <C><![CDATA[Maria Anders]]></C>
      <C><![CDATA[Obere Str. 57]]></C>
      <C><![CDATA[Berlin]]></C>
      <C><![CDATA[12209]]></C>
      <C><![CDATA[Germany]]></C>
    </R>
    <R>
      <C><![CDATA[2]]></C>
      <C><![CDATA[Ana Trujillo Emparedados y helados]]></C>
      <C><![CDATA[Ana Trujillo]]></C>
      <C><![CDATA[Avda. de la Constitucion 2222]]></C>
      <C><![CDATA[Mexico D.F.]]></C>
      <C><![CDATA[05021]]></C>
      <C><![CDATA[Mexico]]></C>
    </R>
    <R>
      <C><![CDATA[3]]></C>
      <C><![CDATA[Antonio Moreno Taqueria]]></C>
      <C><![CDATA[Antonio Moreno]]></C>
      <C><![CDATA[Mataderos 2312]]></C>
      <C><![CDATA[Mexico D.F.]]></C>
      <C><![CDATA[05023]]></C>
      <C><![CDATA[Mexico]]></C>
    </R>
</GLOSSARY>
</RESPONSE>
</POSTURE_INFO_LIST_OUTPUT>

Sample - Posture Info for File Content Check


API request:


curl -u "username:password" -H "Content-type: text/xml" -X "POST" -d "action=list&echo_request=1&policy_id=1758961&details=All&include_dp_name=1" "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/" > posture_info_result.xml


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POSTURE_INFO_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd">
<POSTURE_INFO_LIST_OUTPUT>
  <REQUEST>
    <DATETIME>2019-10-14T21:19:57Z</DATETIME>
    <USER_LOGIN>rey pt11</USER_LOGIN>
    <RESOURCE>https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/</RESOURCE>
    <PARAM_LIST>
      <PARAM>
        <KEY>action</KEY>
        <VALUE>list</VALUE>
      </PARAM>
      <PARAM>
        <KEY>echo_request</KEY>
        <VALUE>1</VALUE>
      </PARAM>
      <PARAM>
        <KEY>policy_id</KEY>
        <VALUE>1758961</VALUE>
      </PARAM>
      <PARAM>
        <KEY>details</KEY>
        <VALUE>All</VALUE>
      </PARAM>
      <PARAM>
        <KEY>include_dp_name</KEY>
        <VALUE>1</VALUE>
      </PARAM>
    </PARAM_LIST>
  </REQUEST>
  <RESPONSE>
    <DATETIME>2019-10-14T21:19:57Z</DATETIME>
    <INFO_LIST>
      <INFO>
        <ID>34544283</ID>
        <HOST_ID>7368441</HOST_ID>
        <CONTROL_ID>100006</CONTROL_ID>
        <TECHNOLOGY_ID>75</TECHNOLOGY_ID>
        <INSTANCE></INSTANCE>
        <STATUS>Passed</STATUS>
        <POSTURE_MODIFIED_DATE>2019-10-14T21:15:46Z</POSTURE_MODIFIED_DATE>
        <EVALUATION_DATE>2019-10-14T21:15:46Z</EVALUATION_DATE>
        <PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
        <FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
        <LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
        <FIRST_PASS_DATE>2019-10-14T21:15:46Z</FIRST_PASS_DATE>
        <LAST_PASS_DATE>2019-10-14T21:15:46Z</LAST_PASS_DATE>
        <EVIDENCE>
          <BOOLEAN_EXPR><![CDATA[:dp_2 contains $tp_2]]></BOOLEAN_EXPR>
          <DPV_LIST>
            <DPV lastUpdated="2019-10-14T19:53:41Z">
              <LABEL>:dp_2</LABEL>
              <V fileName="c:\Agent\user\test2.txt"><![CDATA[QWEB]]></V>
              <TM_REF>@tm_1</TM_REF>
            </DPV>
          </DPV_LIST>
        </EVIDENCE>
      </INFO>
      <INFO>
        <ID>34544284</ID>
        <HOST_ID>7368441</HOST_ID>
        <CONTROL_ID>100000</CONTROL_ID>
        <TECHNOLOGY_ID>75</TECHNOLOGY_ID>
        <INSTANCE></INSTANCE>
        <STATUS>Failed</STATUS>
        <POSTURE_MODIFIED_DATE>2019-10-14T21:15:46Z</POSTURE_MODIFIED_DATE>
        <EVALUATION_DATE>2019-10-14T21:15:46Z</EVALUATION_DATE>
        <PREVIOUS_STATUS>Failed</PREVIOUS_STATUS>
        <FIRST_FAIL_DATE>2019-10-14T21:15:46Z</FIRST_FAIL_DATE>
        <LAST_FAIL_DATE>2019-10-14T21:15:46Z</LAST_FAIL_DATE>
        <FIRST_PASS_DATE>N/A</FIRST_PASS_DATE>
        <LAST_PASS_DATE>N/A</LAST_PASS_DATE>
        <EVIDENCE>
          <BOOLEAN_EXPR><![CDATA[:dp_1 contains $tp_1]]></BOOLEAN_EXPR>
          <DPV_LIST>
            <DPV lastUpdated="2019-10-14T19:53:41Z">
              <LABEL>:dp_1</LABEL>
              <V fileName="C:\preTest2.txt"><![CDATA[QWEB]]></V>
              <TM_REF>@tm_2</TM_REF>
            </DPV>
          </DPV_LIST>
        </EVIDENCE>
      </INFO>
      <INFO>
        <ID>34544285</ID>
        <HOST_ID>7368441</HOST_ID>
        <CONTROL_ID>100026</CONTROL_ID>
        <TECHNOLOGY_ID>75</TECHNOLOGY_ID>
        <INSTANCE></INSTANCE>
        <STATUS>Passed</STATUS>
        <POSTURE_MODIFIED_DATE>2019-10-14T21:15:46Z</POSTURE_MODIFIED_DATE>
        <EVALUATION_DATE>2019-10-14T21:15:46Z</EVALUATION_DATE>
        <PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
        <FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
        <LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
        <FIRST_PASS_DATE>2019-10-14T21:15:46Z</FIRST_PASS_DATE>
        <LAST_PASS_DATE>2019-10-14T21:15:46Z</LAST_PASS_DATE>
        <EVIDENCE>
          <BOOLEAN_EXPR><![CDATA[:dp_3 contains $tp_2]]></BOOLEAN_EXPR>
          <DPV_LIST>
            <DPV lastUpdated="2019-10-14T19:53:41Z">
              <LABEL>:dp_3</LABEL>
              <V fileName="C:\user\PreTest\pretestfilel.txt"><![CDATA[pre$]]></V>
              <TM_REF>@tm_3</TM_REF>
            </DPV>
          </DPV_LIST>
        </EVIDENCE>
      </INFO>
    </INFO_LIST>
    <SUMMARY>
      <TOTAL_ASSETS>1</TOTAL_ASSETS>
      <TOTAL_CONTROLS>3</TOTAL_CONTROLS>
      <CONTROL_INSTANCES>
        <TOTAL>3</TOTAL>
        <TOTAL_PASSED>2</TOTAL_PASSED>
        <TOTAL_FAILED>1</TOTAL_FAILED>
        <TOTAL_ERROR>0</TOTAL_ERROR>
        <TOTAL_EXCEPTIONS>0</TOTAL_EXCEPTIONS>
      </CONTROL_INSTANCES>
    </SUMMARY>
    <GLOSSARY>
      <HOST_LIST>
        <HOST>
          <ID>7368441</ID>
          <IP>10.115.74.93</IP>
          <TRACKING_METHOD>AGENT</TRACKING_METHOD>
          <DNS><![CDATA[win-890blrmesc6]]></DNS>
          <NETBIOS><![CDATA[WIN-890BLRMESC6]]></NETBIOS>
          <OS><![CDATA[Windows Server 2012 R2 Standard 64 bit Edition]]></OS>
          <QG_HOSTID>3031a534-6b78-4c4c-aacd-db56257c155f</QG_HOSTID>
          <ASSET_ID>689027</ASSET_ID>
          <LAST_VULN_SCAN_DATETIME>2019-10-14T19:18:12Z</LAST_VULN_SCAN_DATETIME>
          <LAST_COMPLIANCE_SCAN_DATETIME>2019-10-14T20:21:07Z</LAST_COMPLIANCE_SCAN_DATETIME>
          <PERCENTAGE><![CDATA[66.67% (2 of 3)]]></PERCENTAGE>
        </HOST>
      </HOST_LIST>
      <CONTROL_LIST>
        <CONTROL>
          <ID>100006</ID>
          <STATEMENT><![CDATA[Windows FCC Use Reg]]></STATEMENT>
          <CRITICALITY>
            <LABEL><![CDATA[min]]></LABEL>
            <VALUE>1</VALUE>
          </CRITICALITY>
          <RATIONALE_LIST>
            <RATIONALE>
              <TECHNOLOGY_ID>75</TECHNOLOGY_ID>
              <TEXT><![CDATA[rationale]]></TEXT>
            </RATIONALE>
          </RATIONALE_LIST>
        </CONTROL>
        <CONTROL>
          <ID>100000</ID>
          <STATEMENT><![CDATA[preFCCUDC]]></STATEMENT>
          <CRITICALITY>
            <LABEL><![CDATA[min]]></LABEL>
            <VALUE>1</VALUE>
          </CRITICALITY>
          <RATIONALE_LIST>
            <RATIONALE>
              <TECHNOLOGY_ID>75</TECHNOLOGY_ID>
              <TEXT><![CDATA[rationale]]></TEXT>
            </RATIONALE>
          </RATIONALE_LIST>
        </CONTROL>
        <CONTROL>
          <ID>100026</ID>
          <STATEMENT><![CDATA[pre fcc file path regexwith$]]></STATEMENT>
          <CRITICALITY>
            <LABEL><![CDATA[min]]></LABEL>
            <VALUE>1</VALUE>
          </CRITICALITY>
          <RATIONALE_LIST>
            <RATIONALE>
              <TECHNOLOGY_ID>75</TECHNOLOGY_ID>
              <TEXT><![CDATA[ration]]></TEXT>
            </RATIONALE>
          </RATIONALE_LIST>
        </CONTROL>
      </CONTROL_LIST>
      <TECHNOLOGY_LIST>
        <TECHNOLOGY>
          <ID>75</ID>
          <NAME><![CDATA[Windows Server 2012 R2]]></NAME>
        </TECHNOLOGY>
      </TECHNOLOGY_LIST>
      <DPD_LIST>
        <DPD>
          <LABEL>:dp_1</LABEL>
          <ID>1007020</ID>
          <NAME><![CDATA[custom.win_file_content_check.1007020]]></NAME>
          <DESC><![CDATA[FileContentChech]]></DESC>
        </DPD>
        <DPD>
          <LABEL>:dp_2</LABEL>
          <ID>1007110</ID>
          <NAME><![CDATA[custom.win_file_content_check.1007110]]></NAME>
          <DESC><![CDATA[reg key]]></DESC>
        </DPD>
        <DPD>
          <LABEL>:dp_3</LABEL>
          <ID>1008003</ID>
          <NAME><![CDATA[custom.win_file_content_check.1008003]]></NAME>
          <DESC><![CDATA[pre\$]]></DESC>
        </DPD>
      </DPD_LIST>
      <TP_LIST>
        <TP>
          <LABEL>$tp_1</LABEL>
          <V><![CDATA[true]]></V>
        </TP>
        <TP>
          <LABEL>$tp_2</LABEL>
          <V><![CDATA[.*]]></V>
        </TP>
      </TP_LIST>
      <TM_LIST>
        <TM>
          <LABEL>@tm_1</LABEL>
          <PAIR>
            <K><![CDATA[item not found:2]]></K>
            <V><![CDATA[Set status Passed for “item not found” error]]></V>
          </PAIR>
        </TM>
        <TM>
          <LABEL>@tm_2</LABEL>
          <PAIR>
            <K><![CDATA[item not found:2]]></K>
            <V><![CDATA[Set status Passed for “item not found” error]]></V>
          </PAIR>
        </TM>
        <TM>
          <LABEL>@tm_3</LABEL>
          <PAIR>
            <K><![CDATA[item not found:2]]></K>
            <V><![CDATA[Set status Passed for “item not found” error]]></V>
          </PAIR>
        </TM>
      </TM_LIST>
    </GLOSSARY>
  </RESPONSE>
</POSTURE_INFO_LIST_OUTPUT>

Sample - Posture Info with Extended Evidence parameter


This sample includes 2 INFO records. One record has data for Extended Evidence, and the 
other record has data for Statistics and Extended Statistics Error. 


API request: 


curl -H "X-Requested-With:curl" -u "USERNAME:PASSWORD" -d "action=list&policy_id=1055704&details=All&output_format=xml&show_extended_evidence=1" "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/"


XML output: 


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POSTURE_INFO_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd">
<POSTURE_INFO_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2022-04-28T11:08:05Z</DATETIME>
<POLICY>
<ID>1055704</ID>
<DATETIME>2022-04-28T11:08:05Z</DATETIME>
<INFO_LIST>
  <INFO>
    <ID>10461454</ID>
    <HOST_ID>2573671</HOST_ID>
    <CONTROL_ID>1071</CONTROL_ID>
    <TECHNOLOGY_ID>80</TECHNOLOGY_ID>
    <INSTANCE><![CDATA[os]]></INSTANCE>
    <STATUS>Failed</STATUS>
    <POSTURE_MODIFIED_DATE>2022-04-27T08:57:38Z</POSTURE_MODIFIED_DATE>
    <EVALUATION_DATE>2022-05-02T06:21:45Z</EVALUATION_DATE>
    <PREVIOUS_STATUS>Failed</PREVIOUS_STATUS>
    <FIRST_FAIL_DATE>2022-04-27T08:57:38Z</FIRST_FAIL_DATE>
    <LAST_FAIL_DATE>2022-05-02T06:21:45Z</LAST_FAIL_DATE>
    <FIRST_PASS_DATE>2022-04-21T12:05:56Z</FIRST_PASS_DATE>
    <LAST_PASS_DATE>2022-04-21T12:05:56Z</LAST_PASS_DATE>
    <EVIDENCE>
      <BOOLEAN_EXPR><![CDATA[(:dp_2 in #fv_2 or :dp_2 < $tp_1 )]]></BOOLEAN_EXPR>
      <DPV_LIST>
        <DPV lastUpdated="2022-04-28T10:03:33Z">
          <LABEL>:dp_2</LABEL>
          <V><![CDATA[5]]></V>
        </DPV>
      </DPV_LIST>
      <EXTENDED_EVIDENCE><![CDATA[Row 1:File name,Setting,Value
Row 2:/etc/login.defs,PASS_MIN_LEN,5
]]></EXTENDED_EVIDENCE>
      <STATISTICS><![CDATA[]]></STATISTICS>
      <EXTENDED_STATISTICS_ERROR><![CDATA[]]></EXTENDED_STATISTICS_ERROR>
    </EVIDENCE>
  </INFO>
  <INFO>
    <ID>10479751</ID>
    <HOST_ID>2573673</HOST_ID>
    <CONTROL_ID>100002</CONTROL_ID>
    <TECHNOLOGY_ID>81</TECHNOLOGY_ID>
    <INSTANCE><![CDATA[os]]></INSTANCE>
    <STATUS>Passed</STATUS>
    <POSTURE_MODIFIED_DATE>2022-04-28T10:09:39Z</POSTURE_MODIFIED_DATE>
    <EVALUATION_DATE>2022-05-02T06:21:45Z</EVALUATION_DATE>
    <PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
    <FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
    <LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
    <FIRST_PASS_DATE>2022-04-28T10:09:39Z</FIRST_PASS_DATE>
    <LAST_PASS_DATE>2022-05-02T06:21:45Z</LAST_PASS_DATE>
    <EVIDENCE>
      <BOOLEAN_EXPR><![CDATA[:dp_8 matches $tp_5]]></BOOLEAN_EXPR>
      <DPV_LIST>
        <DPV lastUpdated="2022-04-28T10:03:26Z">
          <LABEL>:dp_8</LABEL>
          <V><![CDATA[No data found]]></V>
        </DPV>
      </DPV_LIST>
      <EXTENDED_EVIDENCE><![CDATA[]]></EXTENDED_EVIDENCE>
      <STATISTICS><![CDATA[Search duration: 63 seconds
]]></STATISTICS>
      <EXTENDED_STATISTICS_ERROR><![CDATA[Error Code 28:Base directory
not foundcan't lstat target of '/usr/lib/debug/usr/.dwz ->
/usr/lib/debug/.dwz' (No such file or directory),can't lstat target of
'/usr/lib/systemd/system/dbus-org.freedesktop.network1.service ->
/usr/lib/systemd/system/systemd-networkd.service' (No such file or
directory),can't lstat target of
'/usr/lib/modules/3.10.0-327.el7.x86_64/build ->
/usr/src/kernels/3.10.0-327.el7.x86_64' (No such file or directory),can't
lstat target of '/usr/lib/modules/3.10.0-327.el7.x86_64/source ->
/usr/src/kernels/3.10.0-327.el7.x86_64' (No such file or directory),can't
lstat target of '/usr/share/gdb/auto-load/bin ->
/usr/share/gdb/auto-load/usr/bin' (No such file or directory),can't lstat
target of '/usr/share/gdb/auto-load/lib ->
/usr/share/gdb/auto-load/usr/lib' (No such file or directory),can't lstat
target of '/usr/share/gdb/auto-load/sbin ->
/usr/share/gdb/auto-load/usr/sbin' (No such file or directory),can't lstat
target of '/usr/share/PackageKit/icons -> /usr/share/pixmaps/comps' (No
such file or directory)
]]></EXTENDED_STATISTICS_ERROR>
    </EVIDENCE>
  </INFO>
PC Posture Streaming APIs


The PC Posture Streaming APIs help you have posture data continuously streamed for one 
host ID at a time for all the specified host IDs for which posture information is available. 
You can process the data concurrently, which helps you save time and achieve optimum 
results within a short span of time. 


Note: You can initiate two concurrent API requests for each Qualys PC subscription within 
a span of 60 seconds. 


You must use the compliance posture streaming APIs in the following sequence: 


- Get Policy List (optional): Use the Get Policy List API to fetch the list of policies against 
which you want to evaluate the compliance posture of your assets. 


If you have a list of policy IDs, you can directly use the Resolve Host IDs API. 


- Resolve Host IDs: Use the policy IDs received from Get Policy List API as the input 
parameter for Resolve Host IDs. You can specify a maximum of 10 comma-separated 
policy IDs. 


- Get Posture Info: Use the host IDs received from Resolve Host IDs as the input parameter 
to get the posture info in JSON stream. 


Before you start, you must authenticate to receive the token needed for the PC Posture API 
requests. The API Gateway is responsible for authenticating the user who accesses the 
Posture Streaming APIs to get the posture details. 


Input parameters for Auth API: 
- username 

- password 

- token 


URL for Auth API: https://gateway.<assigned URL>/auth 


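import requests

headers = {'Content-Type': 'application/x-www-form-urlencoded'}
authUrl = 'https://gateway.<assigned URL>/auth'
data = {'username': 'username', 'password': 'password', 'token': True}
# TLS certificate verification stays enabled (the requests default),
# because this call sends the account credentials.
authResp = requests.post(authUrl, data=data, headers=headers)
# The response body is the token used by the posture streaming requests.
token = authResp.content.decode('utf-8')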


Note: Provide the URL, user ID, and password that have been assigned to you. 


Get Policy List 

API URL: 
/pcrs/1.0/posture/policy/list?lastEvaluationDate=<evaluation date> 
[GET] 


List all policy IDs as per the last evaluation date specified. 


Input Parameters


Parameter

Description


Request header: Authorization

(Required) JWT encrypted token.
Note: Provide the token received from the Authorization API as the input


lastEvaluationDate

(Optional) Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time.
The format for date and time is YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT).


Sample JSON output response - Get Policy List 


Get Policy List without lastEvaluationDate 


Request:

curl -X GET https://gateway.<assigned URL>/pcrs/1.0/posture/policy/list -H "accept: */*" -H "Authorization: Bearer <token>"

Response:

{
  "subscriptionId": "<SUBSCRIPTION ID>",
  "policyList": [
    {
      "id": "<POLICY ID>",
      "title": "VMWARE 5.5 AND 6.0",
      "createdBy": "<USER NAME>",
      "createdDate": "2018-01-19T07:52:11Z",
      "modifiedBy": "<USER NAME>",
      "modifiedDate": "2018-02-01T09:32:33Z",
      "lastEvaluatedDate": "2019-12-19T06:38:46Z",
      "status": "inactive",
      "locked": 0
    },
    {
      "id": "<POLICY ID>",
      "title": "Windows Server 2012",
      "createdBy": "<USER NAME>",
      "createdDate": "2018-02-02T06:22:16Z",
      "modifiedBy": "<USER NAME>",
      "modifiedDate": "2018-02-22T10:06:25Z",
      "lastEvaluatedDate": "2019-12-19T06:39:05Z",
      "status": "inactive",
      "locked": 0
    },
    {
      "id": "<POLICY ID>",
      "title": "Policy for HPUX",
      "createdBy": "<USER NAME>",
      "createdDate": "2018-04-23T07:14:16Z",
      "modifiedBy": "<USER NAME>",
      "modifiedDate": "2018-04-23T07:15:12Z",
      "lastEvaluatedDate": "2019-12-19T06:37:51Z",
      "status": "inactive",
      "locked": 0
    },


Get Policy List with lastEvaluationDate 


Request:

curl -X GET https://gateway.<assigned URL>/pcrs/1.0/posture/policy/list?lastEvaluationDate=2022-02-15T06:04:46Z -H "accept: */*" -H "Authorization: Bearer <token>"

Response:

{
  "subscriptionId": "<SUBSCRIPTION ID>",
  "policyList": [
    {
      "id": "<POLICY ID>",
      "title": "ALL",
      "createdBy": "<USER NAME>",
      "createdDate": "2021-04-08T05:46:39Z",
      "modifiedBy": "<USER NAME>",
      "modifiedDate": "2021-06-16T11:38:54Z",
      "lastEvaluatedDate":
      "status": "inactive",
      "locked": 0
    },
    {
      "id": "<POLICY ID>",
      "title": "ude sp",
      "createdBy": "<USER NAME>",
      "createdDate": "2021-04-20T17:40:32Z",
      "modifiedBy": "<USER NAME>",
      "modifiedDate": "2021-04-20T17:44:48Z",
      "lastEvaluatedDate": "2022-02-17T13:11:08Z",
      "status": "inactive",
      "locked": 0
    },
    {
      "id": "<POLICY ID>",
      "title": "10.115.95.138 agent fromHostPolicy",
      "createdBy": "<USER NAME>",
      "createdDate": "2021-05-19T23:30:25Z",
      "modifiedBy": "<USER NAME>",
      "modifiedDate": "2021-05-19T23:31:53Z",
      "lastEvaluatedDate": "2022-02-17T12:59:33Z",
      "status": "inactive",
      "locked": 0

/pcrs/1.0/posture/hostids?policyId=policyId1,policyId2


[GET] 


List all Host IDs for the specified policies. 


For the Resolve Host IDs API, you must use the token that is returned by the 
authentication request. You can include a maximum of 10 policies in one API request. 


Input Parameters


Parameter

Description


policyId

(Required) Policy IDs for compliance evaluation.


Request header: Authorization

(Required) JWT encrypted token.
Note: Provide the token received from the Authorization API as the input
Sample JSON output response - Resolve Host IDs

Resolve Host IDs with single policy ID


Request:

curl -X GET https://gateway.<assigned URL>/pcrs/1.0/posture/hostids?policyId=<POLICY ID> -H "accept: */*" -H "Authorization: <token>"

Response:

[
  {
    "policyId": "<POLICY ID>",
    "subscriptionId": "SUBSCRIPTION ID",
    "hostIds": [
      "<HOST ID>"
    ]
  }
]


Resolve Host IDs with multiple policy IDs


Request:

curl -X GET https://gateway.<assigned URL>/pcrs/1.0/posture/hostids?policyId=xxx,xxx -H "accept: */*" -H "Authorization: <token>"

Response:

[
  {
    "policyId": "<POLICY ID>",
    "subscriptionId": "<SUBSCRIPTION ID>",
    "hostIds": [
      "<HOST ID>"
    ]
  },
  {
    "policyId": "<POLICY ID>",
    "subscriptionId": "SUBSCRIPTION ID",
    "hostIds": [
      "<HOST ID>"
    ]
  }
]


Get Posture Info 


API URL: 


/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-23


[POST] 


Get continuous posture information for all the specified hosts for each policy ID included 


in the API. 


To get posture information, you must use the host IDs retrieved in the Resolve Host IDs 


API request. 


Input Parameters


Parameter

Description


evidenceRequired

Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1.
Note: Changing the value to 1 will increase the time required to fetch posture data.


compressionRequired

Default value is 1, which indicates that the output will be compressed.
If you do not want the data to be compressed, change the value to 0.
Note: Not compressing the data will increase the time required to fetch posture data.


Request Body

Output of the Resolve Host ID and the JWT token.


Request header: Authorization

(Required) JWT encrypted token.
Note: The token received from the Authorization API and the token used in the second API need to be the input here.


lastEvaluationDate

(Optional) Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time.
The format for date and time is YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT).
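The Resolve Host IDs and Get Posture Info steps chained together, as an added example (not Qualys code): policy IDs are resolved in batches of at most 10, the resolved entries become the Get Posture Info request body, and lastEvaluationDate is validated before it is sent. The gateway host, the `send` callable, the `Bearer` prefix (taken from the Get Policy List sample) and the fake responses are assumptions constructed for the example.

```python
import json
import re
from urllib.parse import urlencode

GATEWAY = "https://gateway.example.invalid"  # stands in for https://gateway.<assigned URL>
MAX_POLICIES = 10                            # limit stated for Resolve Host IDs
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}Z)?$")


def auth_headers(token):
    """Headers shared by the streaming requests (Bearer prefix is an assumption)."""
    return {"accept": "*/*", "Authorization": "Bearer " + token}


def resolve_requests(policy_ids, token):
    """Build one GET per batch of at most 10 comma-separated policy IDs."""
    ids = [str(p) for p in policy_ids]
    if not ids or not all(i.isdigit() for i in ids):
        raise ValueError("policy IDs must be numeric")
    requests_out = []
    for start in range(0, len(ids), MAX_POLICIES):
        batch = ",".join(ids[start:start + MAX_POLICIES])
        query = urlencode({"policyId": batch}, safe=",")
        url = GATEWAY + "/pcrs/1.0/posture/hostids?" + query
        requests_out.append(("GET", url, auth_headers(token), None))
    return requests_out


def posture_request(resolved, token, evidence=0, compression=1, last_eval=None):
    """Build the POST whose body is the Resolve Host IDs output."""
    params = {"evidenceRequired": int(bool(evidence)),
              "compressionRequired": int(bool(compression))}
    if last_eval is not None:
        if not DATE_RE.match(last_eval):
            raise ValueError("lastEvaluationDate must be YYYY-MM-DD or "
                             "YYYY-MM-DDTHH:MM:SSZ")
        params["lastEvaluationDate"] = last_eval
    body = [{"policyId": r["policyId"],
             "subscriptionId": r["subscriptionId"],
             "hostIds": list(r["hostIds"])} for r in resolved]
    headers = auth_headers(token)
    headers["Content-Type"] = "application/json"
    url = GATEWAY + "/pcrs/1.0/posture/postureInfo?" + urlencode(params, safe=":")
    return ("POST", url, headers, json.dumps(body))


def collect_posture(policy_ids, token, send, **opts):
    """Resolve host IDs batch by batch, then request posture info for them."""
    resolved = []
    for request in resolve_requests(policy_ids, token):
        resolved.extend(send(*request))
    return send(*posture_request(resolved, token, **opts))


CALLS = []  # (method, url) only: headers are not recorded, so the token stays out of logs


def fake_send(method, url, headers, body):
    """Offline stand-in for the gateway, returning constructed responses."""
    CALLS.append((method, url))
    if "/hostids?" in url:
        ids = url.split("policyId=")[1].split(",")
        return [{"policyId": p, "subscriptionId": "1001", "hostIds": ["9" + p]}
                for p in ids]
    posted = json.loads(body)
    return [{"policyId": e["policyId"], "hostId": h, "status": "Passed"}
            for e in posted for h in e["hostIds"]]


if __name__ == "__main__":
    records = collect_posture(range(1, 24), "TOKEN", fake_send,
                              last_eval="2021-12-23")
    print(len(records), "posture records from", len(CALLS), "requests")
```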


Sample JSON output response - Get Posture Info (single policy ID) 


Get Posture Info with lastEvaluationDate, without evidence, without compression 


Request:

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23" -H "accept: */*" -H "Authorization: Bearer <token>" -H "Content-Type: application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"

Response:

{
  "id": xxx,
  "instance": "os",
  "policyId": "<POLICY ID>",
  "controlId": "<CONTROL ID>",
  "controlStatement": "Status of the 'banner motd' configuration command on the device",
  "rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",
  "remediation": "Execute following commands to set desired banner message:\n1. configure terminal\n2. banner motd 'delimiting-character' 'message' 'delimiting-character'\n3. exit\n\nc",
  "controlReference": null,
  "technologyId": xxx,
  "status": "Error",
  "previousStatus": "Error",
  "firstFailDate": "",
  "lastFailDate": "",
  "firstPassDate": "2021-12-21T11:28:21Z",
  "lastPassDate": "2021-12-21T11:29:22Z",
  "postureModifiedDate": "2021-12-22T12:56:41Z",
  "lastEvaluatedDate": "2021-12-23T05:32:40Z",
  "created": "2022-02-21T13:10:13Z",
  "hostId": "<HOST ID>",
  "ip": "xx.xx.xx.xxx",
  "trackingMethod": "IP",
  "os": null,
  "osCpe": "cpe:/o:cisco::7.0%283%2912%282%29:::",
  Tange sal,
  "qgHostid": null,
  "networkId": 0,
  "networkName": "Global Default Network",
  "complianceLastScanDate": "2021-12-22T12:49
  "customerUuid": "<CUSTOMER UUID>",
  "customerId": "<CUSTOMER ID>",
  "assetId": "<ASSET ID>",
  "technology": {
    "id": xx,
    "name": "Cisco NX-OS"
  },
  "criticality": {
    "label": "CRITICAL",
    "value": 4
  },
  "evidence": null,
  "causeOfFailure": null,
  "currentBatch": 1,
  "totalBatches": 1
}


Get Posture Info without lastEvaluationDate, without evidence, without compression 


User input: evidenceRequired=0 and compressionRequired=0 


Request:

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0" \
  -H "accept: */*" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"

Response:

[
  {
    "id": xxx,
    "instance": "os",
    "policyId": <POLICY ID>,
    "controlId": <CONTROL ID>,
    "technologyId": xx,
    "status": "Failed",
    "previousStatus": "Failed",
    "firstFailDate": "2021-10-25T07:21:13Z",
    "lastFailDate": "2021-10-29T07:52:41Z",
    "firstPassDate": "",
    "lastPassDate": "",
    "postureModifiedDate": "2021-10-25T07:21:11Z",
    "lastEvaluatedDate": "2021-10-29T07:52:41Z",
    "created": "2021-10-29T07:54:26Z",
    "hostId": <HOST ID>,
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:microsoft:windows server 2012:r2::x64:",
    "dns": "comdevsql2016",
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-28T16:57:58Z",
    "customerUuid": "xxx",
    "customerId": "xxx",
    "assetId": "xxx",
    "technology": {
      "id": xx,
      "name": "Windows Server 2012 R2"
    },
    "criticality": {
      "label": "SERIOUS",
      "value": 3
    },
    "evidence": null,
    "causeOfFailure": {
      "missing": {
        "logic": null,
        "value": [
          "1",
          "Attribute not found",
          "Unable to retrieve password policy"
        ]
      },
      "unexpected": {
        "value": [
          ""
        ]
      }
    }
  },
  {
    "id": xxx,
    "instance": "os",
    "policyId": <POLICY ID>,
    "controlId": <CONTROL ID>,
    "technologyId": "<TECHNOLOGY ID>",
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2021-10-25T07:21:13Z",
    "lastPassDate": "2021-10-29T07:52:41Z",
    "postureModifiedDate": "2021-10-25T07:21:11Z",
    "lastEvaluatedDate": "2021-10-29T07:52:41Z",
    "created": "2021-10-29T07:54:26Z",
    "hostId": <HOST ID>,
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:microsoft:windows server 2012:r2::x64:",
    "dns": "comdevsql2016",
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-28T16:57:58Z",
    "customerUuid": "xxxx",
    "customerId": "<CUSTOMER ID>",
    "assetId": "<ASSET ID>",
    "technology": {
      "id": xx,
      "name": "Windows Server 2012 R2"
    },
    "criticality": {
      "label": "URGENT",
      "value": 5
    },
    "evidence": null,
    "causeOfFailure": null
  }
]
Get Posture Info without lastEvaluationDate, without evidence, with compression 


User input: evidenceRequired=0 & compressionRequired=1 
Request: 


curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1" \
  -H "accept: */*" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"


Response (Compressed):


Get Posture Info without lastEvaluationDate, with evidence, with compression 


User input: evidenceRequired=1 & compressionRequired=1

Request:

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1" \
  -H "accept: */*" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"


Response (compressed):

Get Posture Info without lastEvaluationDate, with evidence, without compression 


User input: evidenceRequired=1, compressionRequired=0 


Request:

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" \
  -H "accept: */*" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d "[{\"policyId\":\"xxx\",\"xxx\":\"xxx\",\"hostIds\":[\"xxx\"]}]"

Response:

[
  {
    "id": xx,
    "instance": "os",
    "policyId": <POLICY ID>,
    "controlId": <CONTROL ID>,
    "technologyId": <TECHNOLOGY ID>,
    "status": "Failed",
    "previousStatus": "Failed",
    "firstFailDate": "2021-10-25T07:21:13Z",
    "lastFailDate": "2021-10-29T07:52:41Z",
    "firstPassDate": "",
    "lastPassDate": "",
    "postureModifiedDate": "2021-10-25T07:21:11Z",
    "lastEvaluatedDate": "2021-10-29T07:52:41Z",
    "created": "2021-10-29T07:55:26Z",
    "hostId": <HOST ID>,
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:microsoft:windows server 2012:r2::x64:",
    "dns": "comdevsql2016",
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-28T16:39:55Z",
    "customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
    "customerId": "<CUSTOMER ID>",
    "assetId": "<ASSET ID>",
    "technology": {
      "id": xx,
      "name": "Windows Server 2012 R2"
    },
    "criticality": {
      "label": "SERIOUS",
      "value": 3
    },
    "evidence": {
      "expectedValues": "\nAttribute not found\n------------ OR ------------\nUnable to retrieve password policy\n------------ OR ------------\nequal to\n1",
      "currentValues": [
HEC) NE 


      ],
      "actualValues": null,
      "directoryFimUdc": null
    },
    "causeOfFailure": {
      "missing": {
        "logic": null,
        "value": [
          "1",
          "Attribute not found",
          "Unable to retrieve password policy"
        ]
      },
      "unexpected": {
        "value": [
          ""
        ]
      }
    }
  },
  {
    "id": xx,
    "instance": "MSSQL 2016:1:1433:MSSQLSERVER: PCDEV",
    "policyId": "<POLICY ID>",
    "controlId": "<CONTROL ID>",
    "technologyId": "<TECHNOLOGY ID>",
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2021-10-25T07:21:13Z",
    "lastPassDate": "2021-10-29T07:52:41Z",
    "postureModifiedDate": "2021-10-25T07:21:11Z",
    "lastEvaluatedDate": "2021-10-29T07:52:41Z",
    "created": "2021-10-29T07:55:27Z",
    "hostId": <HOST ID>,
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:microsoft:windows server 2012:r2::x64:",
    "dns": "comdevsql2016",
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-28T16:39:55Z",
    "customerUuid": "<CUSTOMER UUID>",
    "customerId": "<CUSTOMER ID>",
    "assetId": "<ASSET ID>",
    "technology": {
      "id": xx,
      "name": "Microsoft SQL Server 2016"
    },
    "criticality": {
      "label": "SERIOUS",
      "value": 3
    },
    "evidence": {
      "expectedValues": "\nGrantees not found\n------------ OR ------------\nmatches regular expression list\n.*",
      "currentValues": [
        "Grantees not found"
      ],
      "actualValues": null,
      "directoryFimUdc": null
    },
    "causeOfFailure": null
  }
]


Sample JSON output response - Get Posture Info (multiple policy IDs) 


Get Posture Info with lastEvaluationDate, with evidence, without compression 


User input: evidenceRequired=1 & compressionRequired=0 


Request:

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z" \
  -H "accept: */*" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "[{\"policyId\":\"<Policy ID>\",\"subscriptionId\":\"<Subscription_ID>\",\"hostIds\":[\"<Host_ID1>\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"<Subscription_ID>\",\"hostIds\":[\"<HOST_ID1>\"]}]"

Response:

[
  {
    "id": xx,
    "instance": "os",
    "policyId": <POLICY ID>,
    "controlId": <CONTROL_ID>,
    "controlStatement": "Status of the 'Minimum Password Length' setting",
    "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
    "remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
    "controlReference": null,
    "technologyId": xx,
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2021-10-12T13:12:26Z",
    "lastPassDate": "2021-12-27T15:35:22Z",
    "postureModifiedDate": "2021-10-12T13:12:26Z",
    "lastEvaluatedDate": "2021-12-27T15:35:22Z",
    "created": "2022-02-24T14:21:06Z",
    "hostId": xx,
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "DNS Hostname",
    "os": xx,
    "osCpe": "cpe:/o:microsoft:windows 2003 server::sp2::",
    "dns": "client5-25-244.root.vuln.gqa.qualys.com",
    "qgHostid": xx,
    "networkId": xx,
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-12-27T15:31:18Z",
    "customerUuid": "xx",
    "customerId": "xx",
    "assetId": xx,
    "technology": {
      "id": xx,
      "name": "Windows 2003 Server"
    },
    "criticality": {
      "label": "CRITICAL",
      "value": xx
    },
    "evidence": {
      "expectedValues": "\ngreater than or equal to\n0",
      "currentValues": [
weet 
      ],
      "actualValues": null,
      "directoryFimUdc": null
    },
    "causeOfFailure": null,
    "currentBatch": xx,
    "totalBatches": xx
  },
  {
    "id": xx,
    "instance": "os",
    "policyId": <POLICY ID>,
    "controlId": <CONTROL_ID>,
    "controlStatement": "Status of the 'net.ipv4.conf.all.send_redirects' setting within the '/etc/sysctl.conf' file",
    "rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.",
    "remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters: \n# sysctl -w net.ipv4.conf.all.send_redirects=0\n# sysctl -w net.ipv4.route.flush=1",
    "controlReference": null,
    "technologyId": 80,
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2022-02-11T12:54:23Z",
    "lastPassDate": "2022-02-11T12:54:23Z",
    "postureModifiedDate": "2022-02-11T12:54:23Z",
    "lastEvaluatedDate": "2022-02-11T12:54:23Z",
    "created": "2022-02-24T14:21:06Z",
    "hostId": xx,
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:centos:centos linux:7.6.1810:::",
    "dns": null,
    "qgHostid": null,
    "networkId": 0,
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2022-02-11T12:47:29Z",
    "customerUuid": "xx",
    "customerId": xx,
    "assetId": xx,
    "technology": {
      "id": xx,
      "name": "CentOS 7.x"
    },
    "criticality": {
      "label": "CRITICAL",
      "value": 4
    },
    "evidence": {
      "expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------ OR ------------\nmatches regular expression list\n.*",
      "currentValues": [
        "Setting not found"
      ],
      "actualValues": null,
      "directoryFimUdc": null
    },
    "causeOfFailure": null,
    "currentBatch": 1,
    "totalBatches": 1
  }
]

Get Posture Info without lastEvaluationDate, without evidence, without compression 


User Input: evidenceRequired=0 & compressionRequired=0 


Request:

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0" \
  -H "accept: */*" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"

Response:

[
  {
    "id": xx,
    "instance": "os",
    "policyId": "<POLICY ID>",
    "controlId": "<CONTROL ID>",
    "technologyId": "<TECHNOLOGY ID>",
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2021-10-14T11:19:31Z",
    "lastPassDate": "2021-10-18T06:17:29Z",
    "postureModifiedDate": "2021-10-14T11:19:30Z",
    "lastEvaluatedDate": "2021-10-18T06:17:29Z",
    "created": "2021-10-29T08:38:14Z",
    "hostId": "<HOST ID>",
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
    "dns": null,
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-14T09:37:38Z",
    "customerUuid": "<CUSTOMER UUID>",
    "customerId": "<CUSTOMER ID>",
    "assetId": "<ASSET ID>",
    "technology": {
      "id": xx,
      "name": "Cisco ASA 9.x"
    },
    "criticality": {
      "label": "MEDIUM",
      "value": 2
    },
    "evidence": null,
    "causeOfFailure": null
  },
  {
    "id": xx,
    "instance": "os",
    "policyId": "<POLICY ID>",
    "controlId": "<CONTROL ID>",
    "technologyId": "<TECHNOLOGY ID>",
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2021-10-25T07:21:13Z",
    "lastPassDate": "2021-10-29T08:38:10Z",
    "postureModifiedDate": "2021-10-25T07:21:11Z",
    "lastEvaluatedDate": "2021-10-29T08:38:10Z",
    "created": "2021-10-29T08:38:14Z",
    "hostId": "<HOST ID>",
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:microsoft:windows server 2012:r2::x64:",
    "dns": "comdevsql2016",
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-28T16:53:14Z",
    "customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
    "customerId": "<CUSTOMER ID>",
    "assetId": "<ASSET ID>",
    "technology": {
      "id": xx,
      "name": "Windows Server 2012 R2"
    },
    "criticality": {
      "label": "CRITICAL",
      "value": 4
    },
    "evidence": null,
    "causeOfFailure": null
  },
  {
    "id": 19235413,
    "instance": "MSSQL 2016:1:1433:MSSQLSERVER: DB",
    "policyId": "<POLICY ID>",
    "controlId": "<CONTROL ID>",
    "technologyId": "<TECHNOLOGY ID>",
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2021-10-28T16:53:06Z",
    "lastPassDate": "2021-10-29T08:38:10Z",
    "postureModifiedDate": "2021-10-28T16:53:06Z",
    "lastEvaluatedDate": "2021-10-29T08:38:10Z",
    "created": "2021-10-29T08:38:15Z",
    "hostId": "<HOST ID>",
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:microsoft:windows server 2012:r2::x64:",
    "dns": "comdevsql2016",
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-28T16:53:14Z",
    "customerUuid": "<CUSTOMER UUID>",
    "customerId": "<CUSTOMER ID>",
    "assetId": "<ASSET ID>",
    "technology": {
      "id": xx,
      "name": "Microsoft SQL Server 2016"
    },
    "criticality": {
      "label": "MEDIUM",
      "value": 2
    },
    "evidence": null,
    "causeOfFailure": null
  }
]


Get Posture Info without lastEvaluationDate, with evidence, without compression 


User input: evidenceRequired=1 & compressionRequired=0 


Request:

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" \
  -H "accept: */*" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"

Response:

[
  {
    "id": xx,
    "instance": "os",
    "policyId": "<POLICY ID>",
    "controlId": "<CONTROL ID>",
    "technologyId": "<TECHNOLOGY ID>",
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2021-10-14T11:19:31Z",
    "lastPassDate": "2021-10-18T06:17:29Z",
    "postureModifiedDate": "2021-10-14T11:19:30Z",
    "lastEvaluatedDate": "2021-10-18T06:17:29Z",
    "created": "2021-10-29T08:40:38Z",
    "hostId": "<HOST ID>",
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
    "dns": null,
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-14T09:37:38Z",
    "customerUuid": "<CUSTOMER UUID>",
    "customerId": "<CUSTOMER ID>",
    "assetId": "<ASSET ID>",
    "technology": {
      "id": xx,
      "name": "Cisco ASA 9.x"
    },
    "criticality": {
      "label": "MEDIUM",
      "value": 2
    },
    "evidence": {
"expectedValues": "NnFilter 2 not found: 


STV NNOD scena sss OR ------------ \nFilter 1 not found: 
show clock detail\n------------ OR ------------ \nmatches 
regular expression list\n.*", 


      "currentValues": [
        "show clock detail:08:26:29.074 pdt Thu Oct 14 2021"
      ],
      "actualValues": null,
      "directoryFimUdc": null
    },
    "causeOfFailure": null
  },
  {
    "id": xx,
    "instance": "MSSQL 2016:1:1433:MSSQLSERVER: DB",
    "policyId": "<POLICY ID>",
    "controlId": "<CONTROL ID>",
    "technologyId": xx,
    "status": "Passed",
    "previousStatus": "Passed",
    "firstFailDate": "",
    "lastFailDate": "",
    "firstPassDate": "2021-10-28T16:53:06Z",
    "lastPassDate": "2021-10-29T08:39:07Z",
    "postureModifiedDate": "2021-10-28T16:53:06Z",
    "lastEvaluatedDate": "2021-10-29T08:39:07Z",
    "created": "2021-10-29T08:40:46Z",
    "hostId": "<HOST ID>",
    "ip": "xx.xx.xx.xx",
    "trackingMethod": "IP",
    "os": null,
    "osCpe": "cpe:/o:microsoft:windows server 2012:r2::x64:",
    "dns": "comdevsql2016",
    "qgHostid": null,
    "networkId": "0",
    "networkName": "Global Default Network",
    "complianceLastScanDate": "2021-10-28T16:57:58Z",
    "customerUuid": "<CUSTOMER UUID>",
    "customerId": "<CUSTOMER ID>",
    "assetId": "<ASSET ID>",
    "technology": {
      "id": xx,
      "name": "Microsoft SQL Server 2016"
    },
    "criticality": {
      "label": "MEDIUM",
      "value": 2
    },
    "evidence": {
      "expectedValues": "\nSet status to PASS if no data found\n------------ OR ------------\nmatches regular expression list\n.*",
      "currentValues": [
        "Error Code 35:Failed to execute database query"
      ],
      "actualValues": null,
      "directoryFimUdc": null
    },
    "causeOfFailure": null
  }
]


Control Criticality


Control Criticality is a feature in Policy Compliance that provides ratings for controls, 
including the ability to customize ratings at the control level and at the policy level. 
Several APIs include control criticality in the API output. 


Control Criticality must be enabled in your account — By default, control criticality will 
not be enabled while we are updating the default criticality settings in the control library. 
If you want this feature, please contact Support or your Technical Account Manager. 
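
The following added example (not part of the Qualys guide) triages Get Posture Info records like the samples above: it keeps controls whose status is Failed or Error, orders them by the criticality value described in this section, and flags regressions. The sample records are constructed, and the "UNRATED" label used when a record carries no criticality object is an assumption of this example.

```python
"""Triage postureInfo JSON: non-compliant controls, most critical first."""
import json
from datetime import datetime, timezone

# Constructed sample shaped like the postureInfo responses above; all values are made up.
SAMPLE_RESPONSE = """
[
 {"id": 1, "instance": "os", "policyId": 100, "controlId": 1071, "hostId": 501,
  "status": "Failed", "previousStatus": "Passed",
  "firstFailDate": "2021-10-25T07:21:13Z", "lastEvaluatedDate": "2021-10-29T07:52:41Z",
  "criticality": {"label": "SERIOUS", "value": 3}, "evidence": null,
  "causeOfFailure": {"missing": {"logic": null, "value": ["1", "Attribute not found"]},
                     "unexpected": {"value": [""]}}},
 {"id": 2, "instance": "os", "policyId": 100, "controlId": 2002, "hostId": 502,
  "status": "Error", "previousStatus": "Error",
  "firstFailDate": "", "lastEvaluatedDate": "2021-12-23T05:32:40Z",
  "criticality": {"label": "CRITICAL", "value": 4}, "evidence": null,
  "causeOfFailure": null},
 {"id": 3, "instance": "os", "policyId": 100, "controlId": 3003, "hostId": 501,
  "status": "Passed", "previousStatus": "Passed",
  "firstFailDate": "", "lastEvaluatedDate": "2021-10-29T07:52:41Z",
  "criticality": {"label": "URGENT", "value": 5}, "evidence": null,
  "causeOfFailure": null},
 {"id": 4, "instance": "os", "policyId": 101, "controlId": 4004, "hostId": 503,
  "status": "Failed", "previousStatus": "Failed",
  "firstFailDate": "2021-10-28T00:00:00Z", "lastEvaluatedDate": "2021-10-29T00:00:00Z",
  "evidence": null, "causeOfFailure": null}
]
"""

NOT_COMPLIANT = {"Failed", "Error"}


def parse_ts(value):
    """Parse a YYYY-MM-DDTHH:MM:SSZ timestamp; "" or null means the event never happened."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _values(cause, key):
    """Non-empty strings from causeOfFailure[key]["value"], tolerating null at any level."""
    section = (cause or {}).get(key) or {}
    return [v for v in (section.get("value") or []) if v]


def triage(records):
    """Return one finding per Failed/Error record, highest criticality first."""
    findings = []
    for rec in records:
        if rec.get("status") not in NOT_COMPLIANT:
            continue
        # criticality is absent when Control Criticality is not enabled for the account
        crit = rec.get("criticality") or {}
        first_fail = parse_ts(rec.get("firstFailDate"))
        last_eval = parse_ts(rec.get("lastEvaluatedDate"))
        cause = rec.get("causeOfFailure")
        findings.append({
            "hostId": rec["hostId"],
            "policyId": rec["policyId"],
            "controlId": rec["controlId"],
            "instance": rec.get("instance"),
            "status": rec["status"],
            "criticality": crit.get("value") or 0,
            "label": crit.get("label") or "UNRATED",  # assumed label for unrated controls
            "regression": rec.get("previousStatus") == "Passed",
            "days_failing": (last_eval - first_fail).days if first_fail and last_eval else None,
            "missing": _values(cause, "missing"),
            "unexpected": _values(cause, "unexpected"),
        })
    findings.sort(key=lambda f: (-f["criticality"], str(f["hostId"]), str(f["controlId"])))
    return findings


def triage_response(text):
    """Decode an uncompressed postureInfo response body and triage it."""
    return triage(json.loads(text))


if __name__ == "__main__":
    for f in triage_response(SAMPLE_RESPONSE):
        flag = "REGRESSION" if f["regression"] else f["status"].upper()
        print(f'{f["label"]:<9} host={f["hostId"]} control={f["controlId"]} '
              f'{flag} days_failing={f["days_failing"]} missing={f["missing"]}')
```
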
Exceptions


/api/2.0/fo/compliance/exception/ 
[GET] [POST] 


List, request, update and delete exceptions in your account. The supported method differs per
request type (i.e. list, create, etc.).


The Exception API is only available if you have the Policy Compliance (PC) module enabled for
your subscription. Non-Manager users must be granted this permission in their account
settings.


User Permissions 


User Role Permissions

Manager List, request, update, delete exceptions for all hosts in subscription.

Auditor List, request, update, delete exceptions for all hosts in subscription.

Unit Manager List, request, update, delete exceptions for hosts in their assigned business unit.

Scanner, Reader List, request, update exceptions for hosts in their account. Updates are limited to adding comments.


List exceptions 


By default, all exceptions in the user's account are listed. Use the optional parameters to 
filter the list output. 


Parameter Description

action=list (Required)

exception_number={value} (Optional) Show a specific exception by specifying a valid exception number.

ip={value} (Optional) Show exceptions associated with a specific host by specifying a host IP address. You may enter an individual IP address that belongs to the Policy Compliance module.

network_name={value} (Optional) Show exceptions for a particular network by specifying the network name.

status={value} (Optional) Show exceptions with specified status value: pending, approved, rejected or expired. Tell me about exception status

control_id={value} (Optional) Show exceptions for a specific control by specifying a valid control ID. If the value is set to 23, the matching control IDs may include 23, 234, 2343, 233.

control_statement={value} (Optional) Show exceptions for certain controls associated with a certain policy by specifying the control statement. A partial control statement is also valid.

policy_id={value} (Optional) Show exceptions for controls associated with a certain policy by specifying a valid policy ID.

technology_name={value} (Optional) Show exceptions for controls with a certain technology by specifying the technology name.

assignee_id={value} (Optional) Show exceptions with a certain assignee by specifying an assignee's user ID.

created_by={value} (Optional) Show exceptions that were created by a particular user by specifying the user ID.

modified_by={value} (Optional) Show exceptions that were modified by a particular user by specifying the user ID.

details={Basic|All|None} (Optional) Show the requested amount of information for each control. A valid value is:
Basic (default) - All details except comments history.
All - All details including comments history.
None - Only exception numbers.

is_active={0|1} (Optional) Show only exceptions that are active or inactive in the output. Specify 1 to show only active exceptions. Specify 0 to show only inactive exceptions. When unspecified, both active and inactive exceptions are shown.

created_after_date=mm/dd/yyyy (Optional) Show exceptions created (requested) after the specified date. The valid date format is mm/dd/yyyy.

updated_after_date=mm/dd/yyyy (Optional) Show exceptions that were updated after the specified date. The valid date format is mm/dd/yyyy.

expired_before_date=mm/dd/yyyy (Optional) Show exceptions that will expire before the specified date. The valid date format is mm/dd/yyyy.

expired_after_date=mm/dd/yyyy (Optional) Show exceptions that will expire after the specified date. The valid date format is mm/dd/yyyy.

exception_numbers={value} (Optional) Show a specific exception by specifying a valid exception number. Multiple entries are comma separated. An exception number range is specified with a hyphen (for example, 289-292).

exception_number_min={value} (Optional) Show only exceptions that have an exception number greater than or equal to the specified value.

exception_number_max={value} (Optional) Show only exceptions that have an exception number less than or equal to the specified value.

truncation_limit={value} (Optional) Specify the maximum number of exceptions to be listed per request. When not specified, the truncation limit is set to 1000 records. You may specify a value less than the default (1-999) or greater than the default (1001-1000000).


Tell me about exception status 


Pending - An exception is in a Pending state when first requested by a user. Also, if a 
previously accepted or rejected exception is reopened, then it goes back to Pending. 
Approved - An exception is in an Approved state when it is reviewed and accepted by an
authorized user. You would accept an exception if it's determined that the host should be 
exempt from the specified control. As long as the host is exempt for the control, a status 
of PassedE appears in compliance reports. The status changes back to Failed when the 
exception expires. 


Rejected - An exception is in a Rejected state when it is reviewed and rejected by an 
authorized user. You would reject an exception if it's determined that the host should not 
be exempt from the specified control. When an exception is rejected, a status of Failed 
continues to appear for the host/control in compliance reports. 


Expired - An exception is in an Expired state when the exception was previously accepted 
but the time limit has been reached. When an exception is expired, a status of Failed 
appears again for the host/control in compliance reports. 


Sample - List exceptions with failed status 


API request:

curl -s -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl demo 2" \
  -D headers.15 \
  "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/?action=list&policy_id=1174&status=Failed"


XML response:

<?xml version="1.0" encoding="UTF-8" ?>
"https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd">
<INFO>
  <ID>1174</ID>
  <HOST_ID>563352</HOST_ID>
  <CONTROL_ID>1072</CONTROL_ID>
  <TECHNOLOGY_ID>2</TECHNOLOGY_ID>
  <INSTANCE></INSTANCE>
  <STATUS>Failed</STATUS>
  <POSTURE_MODIFIED_DATE>2015-09-02T08:16:33Z</POSTURE_MODIFIED_DATE>
</INFO>


Sample - List exception number, show all details 


API request:

curl -s -u "USERNAME:PASSWORD" -H "X-Requested-With: curl demo 2" \
  -D headers.15 \
  "https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/?action=list&exception_number=58&details=All"


XML response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE EXCEPTION_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/exception_list_output.dtd">
<EXCEPTION_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-01-15T11:26:34Z</DATETIME>
    <EXCEPTION_LIST>
      <EXCEPTION>
        <EXCEPTION_NUMBER>58</EXCEPTION_NUMBER>
        <HOST>
          <IP_ADDRESS>10.10.30.159</IP_ADDRESS>
        </HOST>
        <TECHNOLOGY>
          <ID>11</ID>
          <NAME><![CDATA[Red Hat Linux 5.x]]></NAME>
        </TECHNOLOGY>
        <POLICY>
          <ID>789422824</ID>
          <NAME><![CDATA[RHEL 5.x]]></NAME>
        </POLICY>
        <CONTROL>
          <CID>1073</CID>
          <STATEMENT><![CDATA[Status of the 'Maximum Password Age' setting (expiration) / Accounts having the 'password never expires' flag set]]></STATEMENT>
          <CRITICALITY>
            <VALUE>5</VALUE>
            <LABEL><![CDATA[URGENT]]></LABEL>
          </CRITICALITY>
        </CONTROL>
        <ASSIGNEE><![CDATA[Scanner User]]></ASSIGNEE>
        <STATUS>Rejected</STATUS>
        <ACTIVE>1</ACTIVE>
        <REOPEN_ON_EVIDENCE_CHANGE>0</REOPEN_ON_EVIDENCE_CHANGE>
        <EXPIRATION_DATE>N/A</EXPIRATION_DATE>
        <MODIFIED_DATE>2017-01-15T08:53:19Z</MODIFIED_DATE>
        <HISTORY_LIST>
          <HISTORY>
            <USER><![CDATA[John (mnc_su)]]></USER>
            <COMMENT><![CDATA[test]]></COMMENT>
            <INSERTION_DATE>2017-01-05T06:48:13Z</INSERTION_DATE>
          </HISTORY>
          <HISTORY>
            <USER><![CDATA[Bill (mnc_ru)]]></USER>
            <COMMENT><![CDATA[test]]></COMMENT>
            <INSERTION_DATE>2017-01-15T08:48:38Z</INSERTION_DATE>
          </HISTORY>
          <HISTORY>
            <USER><![CDATA[Mark (mnc_au)]]></USER>
            <COMMENT><![CDATA[test]]></COMMENT>
            <INSERTION_DATE>2017-01-15T08:53:19Z</INSERTION_DATE>
          </HISTORY>
        </HISTORY_LIST>
      </EXCEPTION>


DTD 


<platform API server>/api/2.0/fo/compliance/exception/exception_list_output.dtd 
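An added example (not part of the Qualys guide) of auditing the exception list output: it parses EXCEPTION_LIST_OUTPUT and flags Approved exceptions that have no parseable expiry, outlive a review window, will not reopen on a high-criticality control, or whose history was written by a single user. The rule names, thresholds, the ISO date format assumed for EXPIRATION_DATE, and exceptions 59 and 60 in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample: element names follow the exception list output in this
# guide; exceptions 59 and 60, their hosts and their dates are made up.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE EXCEPTION_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/exception_list_output.dtd">
<EXCEPTION_LIST_OUTPUT><RESPONSE>
<DATETIME>2017-01-15T11:26:34Z</DATETIME>
<EXCEPTION_LIST>
<EXCEPTION>
  <EXCEPTION_NUMBER>58</EXCEPTION_NUMBER>
  <HOST><IP_ADDRESS>10.10.30.159</IP_ADDRESS></HOST>
  <CONTROL><CID>1073</CID><CRITICALITY><VALUE>5</VALUE></CRITICALITY></CONTROL>
  <STATUS>Rejected</STATUS>
  <REOPEN_ON_EVIDENCE_CHANGE>0</REOPEN_ON_EVIDENCE_CHANGE>
  <EXPIRATION_DATE>N/A</EXPIRATION_DATE>
  <HISTORY_LIST>
    <HISTORY><USER><![CDATA[John (mnc_su)]]></USER></HISTORY>
    <HISTORY><USER><![CDATA[Bill (mnc_ru)]]></USER></HISTORY>
  </HISTORY_LIST>
</EXCEPTION>
<EXCEPTION>
  <EXCEPTION_NUMBER>59</EXCEPTION_NUMBER>
  <HOST><IP_ADDRESS>10.10.30.160</IP_ADDRESS></HOST>
  <CONTROL><CID>1073</CID><CRITICALITY><VALUE>5</VALUE></CRITICALITY></CONTROL>
  <STATUS>Approved</STATUS>
  <REOPEN_ON_EVIDENCE_CHANGE>0</REOPEN_ON_EVIDENCE_CHANGE>
  <EXPIRATION_DATE>N/A</EXPIRATION_DATE>
  <HISTORY_LIST>
    <HISTORY><USER><![CDATA[John (mnc_su)]]></USER></HISTORY>
    <HISTORY><USER><![CDATA[Bill (mnc_ru)]]></USER></HISTORY>
  </HISTORY_LIST>
</EXCEPTION>
<EXCEPTION>
  <EXCEPTION_NUMBER>60</EXCEPTION_NUMBER>
  <HOST><IP_ADDRESS>10.10.30.161</IP_ADDRESS></HOST>
  <CONTROL><CID>1073</CID><CRITICALITY><VALUE>2</VALUE></CRITICALITY></CONTROL>
  <STATUS>Approved</STATUS>
  <REOPEN_ON_EVIDENCE_CHANGE>1</REOPEN_ON_EVIDENCE_CHANGE>
  <EXPIRATION_DATE>2017-03-01T00:00:00Z</EXPIRATION_DATE>
  <HISTORY_LIST>
    <HISTORY><USER><![CDATA[Mark (mnc_au)]]></USER></HISTORY>
  </HISTORY_LIST>
</EXCEPTION>
</EXCEPTION_LIST>
</RESPONSE></EXCEPTION_LIST_OUTPUT>"""

ISO_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # assumed format for dates in the output


def _text(node, path):
    """Stripped text of the first element at path, or '' when it is absent."""
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""


def _parse_date(value):
    """Return a datetime, or None for values such as 'N/A'."""
    try:
        return datetime.strptime(value, ISO_FORMAT)
    except ValueError:
        return None


def audit_exceptions(xml_text, max_days=365, high_criticality=4):
    """Return (exception_number, ip, rule) tuples for Approved exceptions."""
    root = ET.fromstring(xml_text)  # the external DTD is not fetched
    issued = _parse_date(_text(root, "RESPONSE/DATETIME"))
    findings = []
    for exc in root.iterfind("RESPONSE/EXCEPTION_LIST/EXCEPTION"):
        if _text(exc, "STATUS") != "Approved":
            continue  # Pending and Rejected exceptions do not suppress a failure
        number = _text(exc, "EXCEPTION_NUMBER")
        ip = _text(exc, "HOST/IP_ADDRESS")
        expires = _parse_date(_text(exc, "EXPIRATION_DATE"))
        if expires is None:
            findings.append((number, ip, "no-expiry"))
        elif issued and expires - issued > timedelta(days=max_days):
            findings.append((number, ip, "long-lived"))
        criticality = _text(exc, "CONTROL/CRITICALITY/VALUE")
        if (_text(exc, "REOPEN_ON_EVIDENCE_CHANGE") == "0"
                and criticality.isdigit()
                and int(criticality) >= high_criticality):
            findings.append((number, ip, "no-reopen-high-criticality"))
        users = {(u.text or "").strip()
                 for u in exc.iterfind("HISTORY_LIST/HISTORY/USER")}
        if len(users) < 2:
            findings.append((number, ip, "single-actor"))
    return findings


if __name__ == "__main__":
    for finding in audit_exceptions(SAMPLE_XML):
        print(*finding)
```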


Request exception 


An exception is created with the expiry date matching the creation date. You can update
the exception to change it.


Parameter 


Description 


action=request 


(Required) POST method must be used. action=create is also 
valid. 


control_id={value} 


(Required) Specify the control ID of the control for which you 
want to request an exception. 


host_id={value} 


(Required) Specify the host ID of the host for which you want to 
request an exception. 


policy_id={value} 


(Required) Specify the policy ID of the policy that contains the 
control for which you want to request an exception. 


technology_id={value} 


(Required) Specify the technology ID of the technology associated 
with the host for which you want to request an exception. 


instance_string={value} 


(Optional) Specifies a single instance on the selected host. The
instance string may be “os” or a string like
“oracle10:1:1521:ora10204u”.


This parameter must be specified with: host_id. 


assignee_id={value} 


(Required) You can assign the exception to another user. Specify
the user ID of a user who has access to the hosts that the
exceptions apply to.


comments={value} 


(Required) User defined comments. 


reopen_on_evidence_change={0|1} 


(Optional) This applies only if the exception is approved. Reopen 
the exception if a future scan returns a value that is different 
than the current value and the control is still failing. 
curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d \
"action=request&control_id=1113&host_id=28595192824&policy_id=801459496&technology_id=45&assignee_id=2449482824&reopen_on_evidence_change=1&comments=new exception" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/"

XML response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-12-15T10:14:43Z</DATETIME>
    <TEXT>Exception created successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>EXCEPTION_NUMBER</KEY>
        <VALUE>15</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>


DTD 
<platform API server>/api/2.0/fo/compliance/exception/ 


Update exceptions 


You can make changes to one or more exceptions on your hosts. All the actions you take
are logged in the exception history with your name and a time stamp for when the action
took place.

Parameter Description

action=update (Required) POST method must be used

exception_numbers={value} (Required) Show a specific exception by specifying a valid
exception number. Multiple entries are comma separated. An
exception number range is specified with a hyphen (for example,
50-55).

comments={value} (Required) User defined comments. Your comments are saved in
the exception history.

reassign_to={value} (Optional) You can reassign exceptions to another user. Specify
user ID of the user, who has access to the hosts that the
exceptions apply to.

reopen_on_evidence_change={0|1} (Optional) This applies only if the exception is approved. Reopen
the exception if a future scan returns a value different than the
current value and the control is still failing.

status={Pending|Approved|Rejected} (Optional) Update the status of the exception request. A valid
value is: Pending, Approved, and Rejected.

end_date={mm/dd/yyyy} (Optional) Set the end date by entering a future date in
mm/dd/yyyy format. For a never ending exception, set the expiry
date to 0.

The end date is only relevant to Approved exceptions.


Sample - Update exception 
API request: 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d \
"action=update&exception_numbers=55&status=Approved&end_date=12/16/2015&comments=status change" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/"

XML response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/exception_batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-01-07T11:24:42Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Updated</TEXT>
        <NUMBER_SET>
          <NUMBER>55</NUMBER>
        </NUMBER_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

DTD


<platform API server>/api/2.0/fo/compliance/exception/exception_batch_return.dtd 
action=delete (Required) POST method must be used

exception_numbers={value} (Required) Specify the exception number. Enter one or more
exception numbers and/or ranges. Multiple entries are comma
separated.


Sample - Delete exceptions 
API request: 


curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d \
"action=delete&exception_numbers=40-41" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/"

XML response:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/exception_batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2018-01-07T11:22:20Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Exception(s) deleted successfully</TEXT>
        <NUMBER_SET>
          <NUMBER_RANGE>40-41</NUMBER_RANGE>
        </NUMBER_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

DTD


<platform API server>/api/2.0/fo/compliance/exception/exception_batch_return.dtd 
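An added example (not part of the Qualys guide) for the update and delete requests above: it validates an exception_numbers value before it is sent, builds a URL-encoded POST body, and checks the BATCH_RETURN response to confirm that every requested exception was reported back. The function names, the 100-exception cap and the partial response are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

_TOKEN = re.compile(r"^(\d+)(?:-(\d+))?$")
_STATUSES = {"Pending", "Approved", "Rejected"}

# Response text taken from the delete sample in this guide.
DELETE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/exception/exception_batch_return.dtd">
<BATCH_RETURN><RESPONSE>
<DATETIME>2018-01-07T11:22:20Z</DATETIME>
<BATCH_LIST><BATCH>
<TEXT>Exception(s) deleted successfully</TEXT>
<NUMBER_SET><NUMBER_RANGE>40-41</NUMBER_RANGE></NUMBER_SET>
</BATCH></BATCH_LIST>
</RESPONSE></BATCH_RETURN>"""

# Constructed response in which only exception 40 is reported back.
PARTIAL_RESPONSE = DELETE_RESPONSE.replace(
    "<NUMBER_RANGE>40-41</NUMBER_RANGE>", "<NUMBER>40</NUMBER>")


def expand_exception_numbers(spec, limit=100):
    """Expand '40-41,55' into a sorted list of ints; reject malformed input."""
    numbers = set()
    for token in spec.split(","):
        match = _TOKEN.match(token.strip())
        if not match:
            raise ValueError(f"malformed exception number or range: {token!r}")
        start = int(match.group(1))
        end = int(match.group(2) or match.group(1))
        if end < start:
            raise ValueError(f"descending range: {token!r}")
        if end - start >= limit:  # refuse before building a huge range
            raise ValueError(f"range {token!r} exceeds the cap of {limit}")
        numbers.update(range(start, end + 1))
        if len(numbers) > limit:
            raise ValueError(f"request touches more than {limit} exceptions")
    return sorted(numbers)


def form_body(action, spec, **fields):
    """URL-encoded POST body for action=update or action=delete."""
    if action not in ("update", "delete"):
        raise ValueError(f"unsupported action: {action!r}")
    expand_exception_numbers(spec)  # validate before anything is sent
    if "status" in fields and fields["status"] not in _STATUSES:
        raise ValueError(f"invalid status: {fields['status']!r}")
    return urlencode({"action": action, "exception_numbers": spec, **fields})


def results_by_text(batch_return_xml):
    """Map each BATCH <TEXT> message to the exception numbers listed under it."""
    root = ET.fromstring(batch_return_xml)  # the external DTD is not fetched
    results = {}
    for batch in root.iterfind("RESPONSE/BATCH_LIST/BATCH"):
        text = (batch.findtext("TEXT") or "").strip()
        bucket = results.setdefault(text, set())
        for item in batch.iterfind("NUMBER_SET/*"):
            if item.tag in ("NUMBER", "NUMBER_RANGE"):
                bucket.update(
                    expand_exception_numbers(item.text or "", limit=10000))
    return {text: sorted(nums) for text, nums in results.items()}


def missing_from(spec, batch_return_xml, expected_text):
    """Requested numbers the response does not list under expected_text."""
    done = results_by_text(batch_return_xml).get(expected_text, [])
    return sorted(set(expand_exception_numbers(spec)) - set(done))


if __name__ == "__main__":
    print(form_body("update", "55", status="Approved",
                    end_date="12/16/2015", comments="status change"))
    print(missing_from("40-41", PARTIAL_RESPONSE,
                       "Exception(s) deleted successfully"))
```

Passing the encoded body to the HTTP client also avoids sending the unencoded space in a comments value such as "status change".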
SCAP Cyberscope Report


Under the Federal Information Security Management Act of 2002 (FISMA), government 
agencies are obliged to report on their information security statuses using a common tool 
called Cyberscope. Qualys customers with the SCAP module enabled can scan their 
network and generate Cyberscope compatible XML reports, using new API functions, to 
meet these requirements. 


Qualys provides 3 different API functions for generating Cyberscope compatible XML 
reports as described below. The Cyberscope reports generated using these API functions 
return XML output in LASR format. 


Cyberscope report specification and the LASR format: 


http://scap.nist.gov/use-case/cyberscope 


SCAP Scan Results 
/api/2.0/fo/asset/host/cyberscope/fdcc/scan/ 


Create a Cyberscope report using scan results for a particular SCAP scan in the user's
account. An SCAP scan ID or scan reference is required as input. The service uses only the
data in the raw scan results to generate the report. When the parameters
organisation_name1, organisation_name2, and organisation_name3 are specified, the
<ai:Organization> elements are included in the XML report.


Permissions: Users have permission to run this API function when the SCAP module is 
enabled for the user's subscription. Sub-accounts (Unit Managers, Scanners and Readers) 
must have the "Manage compliance" permission. 


Sample 1 - Select SCAP Scan by Scan ID 


Use the scan_id parameter to select an SCAP scan by scan ID. (A scan ID or reference 
number is required.) 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/fdcc/scan/?scan_id=4244823&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"

To obtain the SCAP scan ID, log into the Qualys application and go to PC/SCAP > Scans >
SCAP Scans to view the SCAP scans in your account. Hover over the SCAP scan that you're
interested in and view the scan results (select View from the Quick Actions menu). You'll
see the scan results URL in your browser and the scan ID value appears in the "id"
parameter, as shown in this sample URL:

https://qualysguard.qualys.com/fo/report/fdcc/fdcc_scan_result.php?id=4297720
Sample 2 - Select SCAP Scan by Scan Reference

Use the scan_ref parameter to select an SCAP scan by scan reference number. (A scan
reference number or scan ID is required.)

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/fdcc/scan/?scan_ref=qscap/1337984725.4360&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"

Sample 3 - IPs Filter

Use the optional ips parameter to include only certain IP addresses in the report. You can
enter a single IP, multiple IPs and/or IP ranges. Multiple entries are comma separated.

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/fdcc/scan/?scan_id=4268027&ips=10.10.26.183&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"


SCAP Policy Results 
/api/2.0/fo/asset/host/cyberscope/fdcc/policy/ 


Create a Cyberscope report using scan results data saved for a particular SCAP policy in
the user’s account. A policy ID is required as input. These parameters allow users to
customize the required “OrganisationName” elements in the XML report:
organisation_name1, organisation_name2, and organisation_name3.

The service uses automatic SCAP policy data for a selected policy and reports this in the
datapoint <sr:DataPoint id:"configuration_management_agency_deviations">. The
service uses the evidence data for the special rule "security_patches_up_to_date" and
reports this in the datapoint <sr:DataPoint
id:"vulnerability_management_product_vulnerabilities">.


Permissions: Users have permission to run this API function when the SCAP module is 
enabled for the user's subscription and sub-accounts (Unit Managers, Scanners and 
Readers) have the "Manage compliance" permission. 


Sample 1 - Select an SCAP Policy 


Use the policy_id parameter to select an SCAP policy. Hosts in the policy will be included
in the report unless filters are specified using the parameter ips and/or ag_ids.

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/fdcc/policy/?policy_id=30231&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"

To obtain the SCAP policy ID, log into the Qualys application and go to PC/SCAP > Policies
to view the policies in your account. Hover over the SCAP policy that you're interested in
and edit it (select Edit from the Quick Actions menu). You'll see the policy editor URL in
your browser and the policy ID value appears in the "id" parameter, as shown in this
sample URL:

https://qualysguard.qualys.com/fo/fdcc/edit_policy.php?id=12345&refresh_parent=1


Sample 2 - IPs Filter 


Use the ips parameter to include only hosts with the specified IP addresses. Enter a single 
IP, multiple IPs and/or IP ranges using the ips parameter. Multiple entries are comma 
separated. 


curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/fdcc/policy/?policy_id=17012&ips=10.10.24.10&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"


Sample 3 - Asset Groups Filter 


Use the ag_ids parameter to include only hosts in the specified asset groups. Multiple
asset group IDs are comma separated.

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/fdcc/policy/?policy_id=17012&ag_ids=397405&ips=10.10.25.70&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"


SCAP Global Results 
/api/2.0/fo/asset/host/cyberscope/ 


Create a Cyberscope report using the SCAP scan data saved for all the SCAP policies in the
subscription and also the automatic VM scan data saved in the subscription. You must
enter IPs/ranges and/or asset group IDs as input. These parameters allow users to
customize the required “OrganisationName” elements in the XML report:
organisation_name1, organisation_name2, and organisation_name3.


The service uses SCAP scan data for all the SCAP policies in the subscription and reports 
this in the datapoint <sr:DataPoint id:"configuration_management_agency_deviations">. 
This datapoint will include multiple Benchmark Data sections, one for each policy. Also 
the service uses the automatic VM data for applicable IPs (IPs in SCAP policies) and reports 
this in the datapoint <sr:DataPoint 
id:"vulnerability_management_product_vulnerabilities">. 


Permissions: Users have permission to run this API function when the SCAP module is 
enabled for the user's subscription. Sub-accounts (Unit Managers, Scanners, and Readers) 
will view only data for IP addresses that their accounts have access to. 
Sample 1 - Select Hosts by IP

Use the ips parameter to select hosts by IP/range. You can enter a single IP, multiple IPs
and/or IP ranges using the ips parameter. Multiple entries are comma separated. (This
parameter and/or ag_ids is required.)

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/?ips=10.10.24.52&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"

Sample 2 - Select Hosts by Asset Group

Use the ag_ids parameter to select hosts by asset group ID. You can enter one or more
asset group IDs. Multiple IDs are comma separated. (This parameter and/or ips is
required.)

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/?ag_ids=503424&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"

It’s possible to select hosts by entering a combination of IPs/ranges and asset group IDs.

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
"https://qualysapi.qualys.com/api/2.0/fo/asset/host/cyberscope/?ips=10.10.24.52,10.10.25.2-10.10.25.255&ag_ids=503424,503430&organisation_name1=Name1&organisation_name2=Name2&organisation_name3=Name3"
SCAP ARF Report
/api/2.0/fo/compliance/scap/arf/ 


Create a SCAP scan report in Asset Reporting Format (ARF), a requirement in the SCAP 1.2 
Specifications from NIST. 


Permissions - Users have permission to run this API function when the SCAP module is 
enabled for the user's subscription. Sub-accounts (Unit Managers, Scanners and Readers) 
must have the "Manage compliance" permission. 


Input parameters: 


Parameter Description

scan_id={value} (Required) The scan ID for a finished SCAP scan.

ips={value} (Optional) Use this parameter if you want to include only certain
IP addresses in the report. You can enter a single IP, multiple IPs
and/or ranges. Multiple entries are comma separated.

ips_network_id={value} (Optional and valid only when the Network Support feature is
enabled and the policy has SCAP 1.2 content) Use this parameter
to restrict the report’s target to the IPs specified in the “ips”
parameter (“ips_network_id” is valid only when “ips” is specified
in the same request).

How do I find the scan ID? You'll see the scan ID in the Qualys user interface, when
viewing SCAP scan results. In the scan results window’s title bar you'll see the report URL
with its ID number in the “id” parameter, like this:
https://qualysguard.qualys.com/fo/report/fdcc/fdcc_scan_result.php?id=3362251

API Request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d \
"scan_id=3362251&ips=10.10.10.1-10.10.10.10" \
"https://qualysapi.qualys.com/api/2.0/fo/compliance/scap/arf/"

XML Output:
The XML output is compliant with the ARF 1.1 Schema.
SCAP Policy List
/api/2.0/fo/compliance/fdcc_policy/?action=list
[GET] [POST]

View a list of SCAP policies visible to the user. Optional input parameters support filtering
the policy list output.


Maximum Policies per API Request 


A maximum of 1,000 SCAP policy records can be processed per request. If the requested 
list identifies more than 1,000 policies, then the XML output includes the <WARNING> 
element and instructions for making another request for the next batch of policy records. 


Permissions 


User Role

Permissions

Manager

View all SCAP policies in subscription. View asset group
information for all asset groups assigned to policies.

Auditor

View all SCAP policies in subscription. View asset group
information for all asset groups assigned to policies.

Unit Manager

View all SCAP policies in subscription, when the “Manage
compliance” permission is turned on in the user account
settings. View asset group information for asset groups
assigned to SCAP policies, when the user has permission to
view these asset groups.

Scanner

View all SCAP policies in subscription, when the “Manage
compliance” permission is turned on in the user account
settings. View asset group information for asset groups
assigned to SCAP policies, when the user has permission to
view these asset groups.

Reader

View all SCAP policies in subscription, when the “Manage
compliance” permission is turned on in the user account
settings. View asset group information for asset groups
assigned to SCAP policies, when the user has permission to
view these asset groups.

Input Parameters 


Parameter

Description

action=list

(Required)

echo_request={0|1}

(Optional) Show (echo) the request’s input parameters (names
and values) in the XML output. When unspecified, parameters
are not included in the XML output. Specify 1 to view parameters
in the XML output.

details={Basic|All|None}

(Optional) Show the requested amount of host information for
each host. A valid value is:
Basic - (default) Includes all SCAP policy details except the asset
group list and SCAP file list
All - includes all SCAP policy details
None - includes SCAP policy ID and title

ids={value}

(Optional) Show only certain SCAP policy IDs/ranges. One or
more policy IDs/ranges may be specified. Valid host IDs are
required. Multiple entries are comma separated. A policy ID
range is specified with a hyphen (for example, 190-400).

id_min={value}

(Optional) Show only SCAP policies which have a minimum SCAP
policy ID value. A valid SCAP policy ID is required.

id_max={value}

(Optional) Show only SCAP policies which have a maximum
SCAP policy ID value. A valid SCAP policy ID is required.
DTD 


<platform API server>/api/2.0/fo/compliance/fdcc_policy/fdcc_policy_list_output.dtd


Sample - SCAP Policy List 
Sample SCAP policy list output (fragment) with details=All is below. 


<!DOCTYPE FDCC_POLICY_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/fdcc_policy/fdcc_policy_list_output.dtd">
<FDCC_POLICY_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2012-07-19T22:10:16Z</DATETIME>
    <FDCC_POLICY_LIST>
      <FDCC_POLICY>
        <ID>10235</ID>
        <TITLE><![CDATA[XP policy]]></TITLE>
        <DESCRIPTION><![CDATA[This benchmark has been created to assist IT professionals, in particular Windows XP system administrators and information security personnel, in effectively securing Windows XP Professional SP2 systems.]]></DESCRIPTION>
        <BENCHMARK><![CDATA[FDCC-Windows-XP]]></BENCHMARK>
        <BENCHMARK_PROFILE><![CDATA[federal_desktop_core_configuration_version_1.2.1.0]]></BENCHMARK_PROFILE>
        <BENCHMARK_STATUS_DATE>2009-04-08T00:00:00Z</BENCHMARK_STATUS_DATE>
        <VERSION><![CDATA[v1.2.1.0]]></VERSION>
        <TECHNOLOGY><![CDATA[Windows XP Desktop]]></TECHNOLOGY>
        <NIST_PROVIDED><![CDATA[No]]></NIST_PROVIDED>
        <CREATED>
          <DATETIME>2012-07-18T23:03:35Z</DATETIME>
          <BY>USERNAME</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2012-07-18T23:03:35Z</DATETIME>
          <BY>USERNAME</BY>
        </LAST_MODIFIED>
        <ASSET_GROUP_LIST>
          <ASSET_GROUP>
            <ID>414242</ID>
            <TITLE><![CDATA[10.10.10.40]]></TITLE>
          </ASSET_GROUP>
          <ASSET_GROUP>
            <ID>414942</ID>
            <TITLE><![CDATA[10 range]]></TITLE>
          </ASSET_GROUP>
          <ASSET_GROUP>
            <ID>419582</ID>
            <TITLE><![CDATA[10.10.10.29]]></TITLE>
          </ASSET_GROUP>
          <ASSET_GROUP>
            <ID>419702</ID>
            <TITLE><![CDATA[10.10.10.28-16-191]]></TITLE>
          </ASSET_GROUP>
        </ASSET_GROUP_LIST>
        <FDCC_FILE_LIST>
          <FDCC_FILE>
            <FILE_NAME><![CDATA[fdcc-winxp-xccdf.xml]]></FILE_NAME>
            <FILE_HASH><![CDATA[0c1a49c4ca47187995b543cfdcf35783]]></FILE_HASH>
          </FDCC_FILE>
          <FDCC_FILE>
            <FILE_NAME><![CDATA[fdcc-winxp-cpe-oval.xml]]></FILE_NAME>
            <FILE_HASH><![CDATA[f397b9068b38811ef2a35c948326e6e4e]]></FILE_HASH>
          </FDCC_FILE>
          <FDCC_FILE>
            <FILE_NAME><![CDATA[fdcc-winxp-cpe-dictionary.xml]]></FILE_NAME>
            <FILE_HASH><![CDATA[333b9b03961c58e65263bc86b4e0cdef]]></FILE_HASH>
          </FDCC_FILE>
          <FDCC_FILE>
            <FILE_NAME><![CDATA[fdcc-winxp-oval.xml]]></FILE_NAME>
            <FILE_HASH><![CDATA[d1cf1f195bb58f295ca4b17dea2f99f0]]></FILE_HASH>
          </FDCC_FILE>
          <FDCC_FILE>
            <FILE_NAME><![CDATA[fdcc-winxp-patches.xml]]></FILE_NAME>
            <FILE_HASH><![CDATA[4ae1b306344ef564c5da479a4a3d7f53]]></FILE_HASH>
          </FDCC_FILE>
        </FDCC_FILE_LIST>
      </FDCC_POLICY>
      <FDCC_POLICY>

<FDCC_POLICY_LIST>

<FDCC_POLICY_LIST_OUTPUT>
Users and Activity Log


Add, update, list and delete users in your subscription. 
User List 

Add/Edit User 

User Registration Process 

Accept Qualys EULA 

Activate/Deactivate Users 

User Password Change 


Export User Activity Log 


User List 
/msp/user_list.php 
[GET] [POST] 


View the users in the subscription. The XML response provides details about each user, such
as the user’s login ID, account info, assigned asset groups and permissions. Session based
authentication is not supported using this API.


When the API request is made by a Manager or Unit Manager, the last login date for each 
user is provided in the XML results. This is the most recent date and time the user logged 
into the service. For a Manager, the last login date appears for all users in the subscription. 
For a Unit Manager, the last login date appears for all users in the Unit Manager’s same 
business unit. 


Permissions - Managers and Administrators can view all users in subscription. See Unit 
Manager Permissions for full details. 


Express Lite - This API is available to Express Lite users. 


Unit Manager Permissions 


Unit Managers can view full user account details for users in their business unit. Unit 
Managers may also be able to view partial user account details for users outside of their 
business unit. This is determined by a subscription level permission set by Managers in 
the user interface. 


If “Restrict view of user information for users outside of business unit” is not selected (the 
default), then Unit Managers have an unrestricted view and can see partial details about 
users who are not in their assigned business unit. 
If “Restrict view of user information for users outside of business unit” is selected, then
Unit Managers have a restricted view and cannot see any details for users who are not in
their assigned business unit. For example, Unit Managers in Business Unit A would not be
able to view general information or asset group assignments for users in Business Unit B.

The following table describes the amount of detail visible to Unit Managers for different
types of users based on whether the Unit Manager has a restricted or unrestricted view.

Amount of Detail Visible

User Type Being Viewed                                  Unrestricted View   Restricted View
Unit Manager, Scanner or Reader in the business unit    Full                Full
Scanner or Reader not in the business unit              Partial             None
Unit Manager not in the business unit                   Partial             None
Manager                                                 Partial             None


Full user account details include: user login, general information, assigned asset groups, 
user role, business unit, the Unit Manager Point of Contact (POC), the Manager POC, 
extended permissions and email notifications. 


With a Partial view, the following details are not visible: user login, extended permissions 
and email notifications. 


Input Parameters 


Parameter Description 


external_id_contains={string} (Optional) Show only user accounts with an external
ID value that contains a certain string. The string you
specify can have a maximum of 256 characters. The
characters can be in uppercase, lowercase or mixed
case (the service performs case sensitive matching).
HTML or PHP tags cannot be included.


Only one of these parameters may be specified for a 
single API request: external_id_contains or 
external_id_assigned. 


external_id_assigned={0|1} (Optional) Specify 1 to show only user accounts which 
have an external ID value assigned. Specify 0 to show 
only user accounts which do not have an external ID 
value assigned. 


Only one of these parameters may be specified for a 
single API request: external_id_contains or 
external_id_assigned. 


DTD 
<platform API server>/user_list_output.dtd 
Add/Edit User
/msp/user.php 
[GET] [POST] 


Add a user account or edit an existing account. You can add users to the “Unassigned” 
business unit or an existing, custom business unit. For each new account (except when 
the user role is Contact) the service automatically generates login credentials, including a 
login ID and “strong” password. 


Permissions - Managers can add/edit user accounts in any business unit. Unit Managers can
add/edit users in their own business unit. Administrators can add/edit all user accounts
except Manager and Administrator users.


Express Lite - This API is available to Express Lite users. A total of 3 users can be added per 
subscription. 


Adding user to custom business unit 
To add users to a custom business unit, follow these steps: 


- With a Manager or user administrator account, log into the Qualys user interface and 
create the business unit. Note business units may be created using the Qualys user 
interface only. 


- If a Unit Manager is not already assigned to the business unit, you must add one. With a 
Manager account, make a user.php request to add a Unit Manager who is automatically 
assigned as the business unit’s point of contact (POC). 


- With a Manager or Unit Manager account, make a user.php request to add other users to 
the custom business unit. A Manager and user administrator can add a user to any 
business unit, while a Unit Manager can add a user to their own business unit. 


Delivery of new account credentials to user 


When adding a new user (except Contact), the API user has the option to deliver login 
credentials directly to the user via email or through the application as follows. 


Email notification - By default the user.php function sends the new user an email 
notification with a secure link to their login credentials. When the user clicks the secure 
link to view the credentials, the service changes the account status automatically from 
“Pending Activation” to “Active”. 


XML output - Instead of sending an email notification, the API user has the option to 
return the new user’s login credentials in the XML output document. To do this, make a 
user.php request with the send_email=0 input parameter. As a result the service returns 
the user’s login ID and password as XML value pairs in the XML output, and the account 
status is automatically set to “Active”. 
First login completes account registration

To complete account registration, a new user must log into the Qualys user interface with
their assigned login information (platform URL and login credentials). When the user has
been created using the user.php function, the user can log in using the Qualys user
interface or using the acceptEULA.php API function. See “User Registration Process” and
“Accept Qualys EULA” for more information.

Editing accounts - edit and clear options
For an existing account, you can edit and clear account parameters as follows.

Edit Parameters - An existing user may be edited using user.php to update the user name
and general information. Additional parameters can be edited using the Qualys user
interface. When editing parameters using user.php, existing parameter values are
replaced with newly specified ones. For example, if you edit an existing Scanner with the
assigned asset group “New York” and you wish to add the asset group “Hong Kong”, then
the edit request would include asset_groups=New+York,Hong+Kong. An edit request can
be used to clear (reset) parameters by assigning the empty string "".


Input Parameters 


Parameter Description 


action=add|edit (Required) A flag indicating an add or edit request. Specify 
“add” to add a new user, or “edit” to edit an existing user. 


login={login} (Required for Edit, not valid for Add) Specifies the Qualys 
user login of the user account you wish to edit. This 
parameter is invalid for an add request. 


New User - Login Credentials 


Parameter Description 


send_email={0|1} (Optional for Add, not valid for Edit) Specifies whether the 
new user will receive an email notification with a secure 
link to their login credentials. This parameter is invalid 
when the user role is Contact. 


1 - (the default) specifies that an email notification will
be sent to the new user. The user clicks a secure link in
the email to view the login ID and password.

0 - specifies that an email notification will not be sent to
the new user, and the XML report returned by the
function will include the login ID and password for the
user account as XML value pairs.
Parameter

Description

user_role={role}

(Required for Add, not valid for Edit, not valid for Express
Lite users) Specifies the user role. A valid value is:
manager, unit_manager, scanner, reader, contact or
administrator. The first user added to a new custom
business unit must be unit_manager.

business_unit={title}

(Required for Add, not valid for Edit, not valid for Express
Lite user) Specifies the user’s business unit. A valid value
is “Unassigned”, or the title of an existing custom
business unit. Note a custom business unit may be added
using the Qualys user interface.

asset_groups={grp1,grp2...}

(Optional) Specifies the asset groups assigned to the user,
when the user role is Scanner, Reader or Contact. Multiple
asset groups are comma separated. This parameter is
invalid when the user role is Manager or Unit Manager.


General Information 


Parameter 


Description 


first name={name} 


(Required for Add, Optional for Edit) Specifies the user's 
first name. The name may include a maximum of 50 
characters. 


ast_name={name} 


(Required for Add, Optional for Edit) Specifies the user's 
last name. The name may include a maximum of 50 
characters. 


title=(title} 


(Required for Add, Optional for Edit) Specifies the user's 
job title. The title may include a maximum of 100 
characters. 


phone={value} 


(Required for Add, Optional for Edit) Specifies the user's 
phone number. This value may include a maximum of 40 
characters. 


fax=(value 


(Optional) The user's FAX number. This value may include 
a maximum of 40 characters. 


email={value} 


(Required for Add, Optional for Edit) Specifies the user's 
email address. The address must be a properly formatted 
address with a maximum of 100 characters. 


address1={value} 


(Required for Add, Optional for Edit) Specifies the user’s 
address line 1. This value may include a maximum of 80 
characters. 


address2={value} 


(Optional) Specifies the user’s address line 2. This value 
may include a maximum of 80 characters. 


city={value} 


(Required for Add, Optional for Edit) Specifies the user’s 
city. This value may include a maximum of 50 characters. 


country={code} 


(Required for Add, Optional for Edit) Specifies the user’s 
country code. See “Sample - Add user” to find an 
appropriate country code. 


state={code} 


(Required for Add for some country codes, Optional for 
Edit) Specifies the user’s state code. A valid value depends 
on the country code specified for the country parameter. 


You must enter a state code using the state parameter 
when the country code is one of: “United States of 
America”, “Australia”, “Canada” or “India”. See State 
Codes for United States. 


For other country codes, a state code does not need to be 
specified using the state parameter. See State codes. You 
can enter the state code “none” (optional). 


zip_code={zipcode} 


(Optional) Specifies the user’s zip code. This value may 
include a maximum of 20 characters. If not specified, this 
is set to the zip code in the API user’s account. 


external_id={value} 


(Optional) Specify a custom external ID value. The 
external ID value can have a maximum of 256 characters, 
and it is case sensitive. The characters can be in 
uppercase, lowercase or mixed case. HTML or PHP tags 
cannot be included. 




Specify external_id= or external_id="" to delete an 
external ID value from an existing account. 


Sample - Add user 


Add a new user, Chris Washington, to the Unassigned business unit with the Scanner user 
role, and automatically send the user an email notification with a secure link to his login 
credentials. 


API request: 


https://qualysapi.qualys.com/msp/user.php?action=add& 
user_role=scanner&business_unit=Unassigned&first_name=Chris& 
last_name=Washington&title=Security+Consultant&phone=2126667777& 
fax=2126667778&email=chris@mycompany.com& 
address1=500+Charles+Avenue&address2=Suite+1260&city=New+York& 
country=United+States+of+America&state=New+York&zip_code=10004 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE USER_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/user_output.dtd"> 
<USER_OUTPUT> 
<API name="user.php" username="sabkl_av1l" at="2018-07-20T22:54:25Z" /> 
<RETURN status="SUCCESS"> 
<MESSAGE>quays_cw4 user has been successfully 
created.</MESSAGE> 
</RETURN> 
</USER_OUTPUT> 
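A client-side pre-flight check for the Add request, as an added example (not code from the Qualys guide): it enforces the parameter rules listed above, builds the request as a form-encoded POST body so names, addresses and login IDs stay out of URL logs, and reads the RETURN status from a USER_OUTPUT reply. The helper names, the e-mail pattern and the tag pattern are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

API_URL = "https://qualysapi.qualys.com/msp/user.php"  # platform URL used in the samples

ROLES = {"manager", "unit_manager", "scanner", "reader", "contact", "administrator"}
STATE_REQUIRED = {"United States of America", "Australia", "Canada", "India"}
# parameter -> (required for Add, maximum length or None when the guide gives none)
FIELDS = {
    "first_name": (True, 50), "last_name": (True, 50), "title": (True, 100),
    "phone": (True, 40), "fax": (False, 40), "email": (True, 100),
    "address1": (True, 80), "address2": (False, 80), "city": (True, 50),
    "country": (True, None), "state": (False, None), "zip_code": (False, 20),
    "external_id": (False, 256),
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # assumed "properly formatted" check
TAG_RE = re.compile(r"<[^>]*>|<\?")                   # assumed HTML/PHP tag check

# Values taken from the "Sample - Add user" request.
CHRIS = {
    "user_role": "scanner", "business_unit": "Unassigned",
    "first_name": "Chris", "last_name": "Washington",
    "title": "Security Consultant", "phone": "2126667777", "fax": "2126667778",
    "email": "chris@mycompany.com", "address1": "500 Charles Avenue",
    "address2": "Suite 1260", "city": "New York",
    "country": "United States of America", "state": "New York",
    "zip_code": "10004",
}

# Reply constructed after the sample XML output.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE USER_OUTPUT SYSTEM "https://qualysapi.qualys.com/user_output.dtd">
<USER_OUTPUT>
  <API name="user.php" username="sabkl_av1l" at="2018-07-20T22:54:25Z" />
  <RETURN status="SUCCESS">
    <MESSAGE>quays_cw4 user has been successfully
created.</MESSAGE>
  </RETURN>
</USER_OUTPUT>"""


def validate_add_user(p):
    """Return a list of problems; an empty list means the request is well formed."""
    errors = []
    role = p.get("user_role")
    if role not in ROLES:
        errors.append("user_role must be one of " + ", ".join(sorted(ROLES)))
    if not p.get("business_unit"):
        errors.append("business_unit is required")
    if p.get("asset_groups") and role in {"manager", "unit_manager"}:
        errors.append("asset_groups is invalid for role " + role)
    for name, (required, limit) in FIELDS.items():
        value = str(p.get(name, ""))
        if required and not value:
            errors.append(name + " is required")
        if limit is not None and len(value) > limit:
            errors.append(f"{name} exceeds {limit} characters")
    if p.get("email") and not EMAIL_RE.match(p["email"]):
        errors.append("email is not a properly formatted address")
    if p.get("country") in STATE_REQUIRED and not p.get("state"):
        errors.append("state is required for country " + p["country"])
    if TAG_RE.search(str(p.get("external_id", ""))):
        errors.append("external_id must not contain HTML or PHP tags")
    if str(p.get("send_email", "1")) not in {"0", "1"}:
        errors.append("send_email must be 0 or 1")
    return errors


def build_add_user_request(p):
    """Return (url, form_body) for an HTTP POST, or raise ValueError."""
    errors = validate_add_user(p)
    if errors:
        raise ValueError("; ".join(errors))
    fields = {"action": "add", **{k: str(v) for k, v in p.items()}}
    return API_URL, urlencode(fields)  # spaces become "+", as in the sample


def parse_user_output(xml_text):
    """Extract (status, message) from a USER_OUTPUT document."""
    ret = ET.fromstring(xml_text).find("RETURN")
    if ret is None:
        raise ValueError("no RETURN element in response")
    message = " ".join((ret.findtext("MESSAGE") or "").split())
    return ret.get("status"), message
```

When send_email=0 is passed, the reply carries the new login ID and password, so the response body should be handled as a secret and kept out of application logs.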


Sample - Edit user to change title 
API request: 


https://qualysapi.qualys.com/msp/user.php?action=edit& 
login=quays_ch&title=CIO 


XML output: 


<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE USER_OUTPUT SYSTEM 
"https://qualysapi.qualys.com/user_output.dtd"> 
<USER_OUTPUT> 
<API name="user.php" username="Sabkl_avl" at="2018-07-20T23:06:35Z" /> 
<RETURN status="SUCCESS"> 
<MESSAGE>quays_ch user has been successfully 
updated.</MESSAGE> 
</RETURN> 
</USER_OUTPUT> 


Sample - External ID 


Add the external ID “Qualys123” to the existing user account “qualys_ab5” when that 
account does not already have an external ID: 


https://qualysapi.qualys.com/msp/user.php?action=edit& 
login=qualys_ab5&external_id=Qualys123 


Add the external ID “Qualys123” to the existing user account “qualys_ab5” when that 
account already has an external ID: 


https://qualysapi.qualys.com/msp/user.php?action=edit& 
login=qualys_ab5&external_id=Qualys123 


Delete the external ID currently defined for the user account “qualys_ab5”: 


https://qualysapi.qualys.com/msp/user.php?action=edit& 
login=qualys_ab5&external_id= 

Sample - Set Timezone 


Assign a timezone to a user using the optional parameter “time_zone_code”. 


Sample - Set specific timezone (i.e. pass timezone code) 


https://qualysapi.qualys.com/msp/user.php?action=add& 
user_role=scanner&business_unit=Unassigned& 
asset_groups=New+York,Dallas&first_name=Chris&last_name=Woods& 
title=Security+Consultant&phone=2126667777&fax=2126667778& 
email=chris@mycompany.com&address1=500+Charles+Avenue& 
address2=Suite+1260&city=New+York& 
country=United+States+of+America&state=New+York&zip_code=10004& 
time_zone_code=US-NY 


Sample - Set user profile to browser's timezone (i.e. pass empty/null) 


https://qualysapi.qualys.com/msp/user.php?action=edit& 
login=acme_ab&time_zone_code="" 


Looking for timezone codes? Use the time zone code list function to request the list: 


<platform API server>/msp/time_zone_code_list.php 


DTD 
<platform API server>/user_output.dtd 


Default Parameters - New User 


Several user parameters are set automatically when a new user is created. These are 
identified below. The parameter value “***” is the value defined for the user account making 
the API request. 


Parameter | Manager | Unit Manager | Administrator | Scanner | Reader | Contact 

General and User Role 
Zip code | *** | *** | *** | *** | *** | *** 
Company | *** | *** | *** | *** | *** | *** 
Language KnowledgeBase | *** | *** | *** | *** | *** | *** 
User Status | Pending activation | Pending activation | Pending activation | Pending activation | Pending activation | Active 
Allow access to | GUI and API | GUI and API | GUI and API | GUI and API | GUI and API | n/a 

Notification Options 
Latest Vulnerabilities | Weekly | Weekly | n/a | Weekly | Weekly | Weekly 
Scan Summary | All | Scans on assigned groups | n/a | Scans on assigned groups | Scans on assigned groups | Scans on assigned groups 
Map Summary | All | Maps on assigned groups | n/a | Maps on assigned groups | Maps on assigned groups | Maps on assigned groups 
Daily Trouble Ticket Updates | NO | NO | NO | NO | n/a 

Extended Permissions 
Add assets | n/a | NO | n/a | n/a | n/a | n/a 
Create option profiles | n/a | YES | n/a | YES | n/a | n/a 
Purge host information/history | n/a | NO | n/a | NO | n/a | n/a 
Create/edit remediation policy | n/a | NO | n/a | n/a | n/a | n/a 
Create/edit authentication records | n/a | NO | n/a | n/a | n/a | n/a 


Country codes 


Afghanistan | Albania | Algeria | Andorra | Angola | Anguilla | Antartica | Antigua and Barbuda | 
Argentina | Armenia | Aruba | Australia | Austria | Azerbaijan | Bahamas | Bahrain | Bangladesh | 
Barbados | Belarus | Belgium | Belize | Benin | Bermuda | Bhutan | Bolivia | Bosnia-Herzegovina | 
Botswana | Bouvet Island | Brazil | British Indian Ocean Territory | Brunei Darussalam | Bulgaria | 
Burkina Faso | Burundi | Cambodia | Cameroon | Canada | Cape Verde | Cayman Islands | 

Central African Republic | Chad | Chile | China | Christmas Island | Cocos (Keeling) Islands | Colombia | 
Comoros | Congo | Cook Islands | Costa Rica | Cote D'Ivoire | Croatia | Cuba | Cyprus | Czech Republic | 
Denmark | Djibouti | Dominica | Dominican Republic | East Timor | Ecuador | Egypt | El Salvador | 
Equatorial Guinea | Estonia | Ethiopia | Faeroe Islands | Falkland Islands (Malvinas) | Fiji | Finland | 
France | French Guiana | French Polynesia | French Southern Territories | Gabon | Gambia | Georgia | 
Germany | Ghana | Gibraltar | Greece | Greenland | Grenada | Guadeloupe | Guatemala | Guernsey, C.I. | 
Guinea | Guinea-Bissau | Guyana | Haiti | Heard and McDonald Islands | Honduras | Hong Kong | 
Hungary | Iceland | India | Indonesia | Iran (Islamic Republic of) | Iraq | Ireland | Isle of Man | Israel | 
Italy | Jamaica | Japan | Jersey, C.I. | Jordan | Kazakhstan | Kenya | Kiribati | Korea | Kuwait | 
Kyrgyzstan | Lao Peoples Democratic Republi | Latvia | Lebanon | Lesotho | Liberia | 

Libyan Arab Jamahiriya | Liechtenstein | Lithuania | Luxembourg | Macau | Macedonia | Madagascar | 
Malawi | Malaysia | Maldives | Mali | Malta | Marshall Islands | Martinique | Mauritania | Mauritius | 
Mexico | Micronesia, Fed. States of | Moldova, Republic of | Monaco | Mongolia | Montserrat | Morocco | 
Mozambique | Myanmar | Namibia | Nauru | Nepal | Netherland Antilles | Netherlands | 

Neutral Zone (Saudi/Iraq) | New Caledonia | New Zealand | Nicaragua | Niger | Nigeria | Niue | 
Norfolk Island | Northern Mariana Islands | Norway | Oman | Pakistan | Palau | Panama Canal Zone | 
Panama | Papua New Guinea | Paraguay | Peru | Philippines | Pitcairn | Poland | Portugal | Puerto Rico | 
Qatar | Reunion | Romania | Russia | Rwanda | Saint Kitts and Nevis | Saint Lucia | Samoa | San Marino | 
Sao Tome and Principe | Saudi Arabia | Senegal | Seychelles | Sierra Leone | Singapore | Slovak Republic | 
Slovenia | Solomon Islands | Somalia | South Africa | Spain | Sri Lanka | St. Helena | 

St. Pierre and Miquelon | St. Vincent and the Grenadines | Sudan | Suriname | 

Svalbard and Jan Mayen Islands | Swaziland | Sweden | Switzerland | Syrian Arab Republic | Taiwan | 
Tajikistan | Tanzania, United Republic of | Thailand | Togo | Tokelau | Tonga | Trinidad and Tobago | 
Tunisia | Turkey | Turkmenistan | Turks and Caicos Islands | Tuvalu | U.S.Minor Outlying Islands | 
Uganda | Ukraine | United Arab Emirates | United Kingdom | United States of America | Uruguay | 
Uzbekistan | Vanuatu | Vatican City State | Venezuela | Vietnam | Virgin Islands (British) | 
Wallis and Futuna Islands | Western Sahara | Yemen | Yugoslavia | Zaire | Zambia | Zimbabwe 


State codes 


State Codes for United States 
Valid state codes when country is “United States of America”: 


Alabama | Alaska | Arizona | Arkansas | Armed Forces Asia | Armed Forces Europe | Armed Forces 
Pacific | California | Colorado | Connecticut | Delaware | District of Columbia | Florida | Georgia | Hawaii | 
Idaho | Illinois | Indiana | Iowa | Kansas | Kentucky | Louisiana | Maine | Maryland | Massachusetts | 
Michigan | Minnesota | Mississippi | Missouri | Montana | Nebraska | Nevada | New Hampshire | 

New Jersey | New Mexico | New York | North Carolina | North Dakota | Ohio | Oklahoma | Oregon | 
Pennsylvania | Rhode Island | South Carolina | South Dakota | Tennessee | Texas | Utah | Vermont | 
Virginia | Washington | West Virginia | Wisconsin | Wyoming 


State Codes for Australia 
Valid state codes when country is “Australia”: 


No State | New South Wales | Northern Territory | Queensland | Tasmania | Victoria | Western Australia 


State Codes for Canada 
Valid state codes when country is “Canada”: 


No State | Alberta | British Columbia | Manitoba | New Brunswick | Newfoundland | 
Northwest Territories | Nova Scotia | Nunavut | Ontario | Prince Edward Island | Quebec | Saskatchewan | 
Yukon 


State Codes for India 
Valid state codes when country is “India”: 


No State | Andhra Pradesh | Andaman and Nicobar Islands | Arunachal Pradesh | Assam | Bihar | 
Chandigarh | Chattisgarh | Dadra and Nagar Haveli | Daman and Diu | Delhi | Goa | Gujarat | Haryana | 
Himachal Pradesh | Jammu and Kashmir | Jharkhand | Karnataka | Kerala | Lakshadadweep | 

Madhya Pradesh | Maharashtra | Manipur | Meghalaya | Mizoram | Nagaland | Orissa | Pondicherry | 
Punjab | Rajasthan | Sikkim | Tamil Nadu | Tripura | Uttar Pradesh | Uttaranchal | West Bengal 


User Registration Process 


When a new user account is created, the service by default sends the user an email titled 
“Registration - Start Now”. This email includes a secure link to the user's login information 
including platform URL and login credentials. Instead of sending an email notification, the 
API user has the option to return login credentials using the user.php function with the 
send_email=0 input parameter. 


The user must complete the first login to the service in order to complete the account 
registration and accept the Qualys EULA (End User License Agreement). When the first 
login is completed, the service sends the user an email titled “Registration - Complete”. 


A new user has the option to complete the first login by simply logging into the Qualys 
user interface, as long as the user is granted the GUI access method. (Note a new user 
created using the user.php function is automatically granted the GUI and API access 
methods.) Using the Qualys user interface, the user is directed to the First Login form to 
complete the registration and accept the Qualys EULA. 


The acceptEULA.php API function is provided as a programmatic method for completing 
the registration and accepting the Qualys EULA. To complete the first login using the 
acceptEULA.php function, the user must submit an API request using their platform URL 
and login credentials. 


Important: If a new user account is created using the Qualys user interface and the 
account is granted the API access method only (without the GUI access method), the user 
must complete the first login using the acceptEULA.php API function. If the 
acceptEULA.php API request is not made or it is not successful, the new account will not 
be activated and any API requests submitted using the new account will fail. 


Accept Qualys EULA 
/msp/acceptEULA.php 
[GET] [POST] 


Allows Qualys users to complete the registration process and accept the Qualys End User 
License Agreement (EULA) on behalf of their customers. This function provides 
programmatic acceptance of the Qualys EULA. 


A new user can complete the registration process and accept the Qualys EULA through the 
Qualys user interface as long as their account is granted the GUI access method. (Note a 
new user created using the user.php function is automatically granted the GUI and API 
access methods.) Optionally, a new user can complete the registration and accept the 
Qualys EULA using the acceptEULA.php function. See User Registration Process. 


A Web application that allows Qualys EULA acceptance can be set up as follows. Inside the 
third party web application, a developer can set up a Web form that displays the Qualys 
EULA and has an “I Accept” button. A new Qualys user opens the Web form in a browser, 
reads the EULA description and clicks “I Accept” in the Web form. The third party’s 
program submits an HTTP request to the Qualys API server using the acceptEULA.php function. 
Along with the acceptEULA.php URL, the application must send Qualys user account 
credentials (login and password) as part of the HTTP request. 


Permissions - Any user with permission to log in to Qualys can complete the registration 
and accept the EULA. 


Sample - Accept the Qualys EULA on behalf of a user 


API request: 
https://qualysapi.qualys.com/msp/acceptEULA.php 


XML output: 
<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE GENERIC_RETURN SYSTEM 
"https://qualysapi.qualys.com/generic_return.dtd"> 
<GENERIC_RETURN> 
<API name="acceptEULA.php" username="rob" at="2018-05-10T13:44:23" /> 
<RETURN status="SUCCESS"> 
TNC accepted within MSP 
</RETURN> 
</GENERIC_RETURN> 


DTD 
<platform API server>/generic_return.dtd 


Activate/Deactivate Users 
/msp/user.php 
[GET] [POST] 


Activate and deactivate user accounts. A user with inactive status can be activated. A 
user with active status can be deactivated. Session based authentication is not supported 
using this API. 


These actions correspond to the activate/deactivate options in the Qualys UI. Note new 
accounts are activated by default after the user completes the account activation process 
(registration) by logging into the service for the first time. 


Permissions - Managers can activate/deactivate all users in the subscription. Unit Managers can 
activate/deactivate users in their own business unit. Administrators can 
activate/deactivate all users except Manager and Administrator users. 


Express Lite - This API is available to Express Lite users. 


Input Parameters 


Parameter Description 


action=activate|deactivate (Required) A flag indicating the desired action. Specify 
“activate” to activate a user account that has an 
“Inactive” status, or specify “deactivate” to deactivate a 
user account that has an “Active” status. When an 
account is deactivated, the user’s account settings will 
not be deleted. 


A user account cannot be activated or deactivated if 
the account status is “Pending Activation”. 


login={login} (Required) Specifies the Qualys user login for the user 
account you wish to activate or deactivate. 


Samples 
Deactivate the user account “qualys_ab3” (and this account has an “Active” status): 


https://qualysapi.qualys.com/msp/user.php?action=deactivate& 
login=qualys_ab3 


Activate the user account “qualys_ab3” (and this account has an “Inactive” status): 


https://qualysapi.qualys.com/msp/user.php?action=activate& 
login=qualys_ab3 


DTD 
<platform API server>/user_output.dtd 


User Password Change 
/msp/password_change.php 
[GET] [POST] 


Change passwords for all or some users in the same subscription. Many Qualys customers 
have an internal security policy requirement to change passwords for users at a particular 
time interval. Changing passwords for multiple users at once as a batch process is supported. 
New passwords are automatically generated by the service. 


It's possible to change passwords for user accounts with a status of “active”, “inactive” or 
“pending activation”. It’s not possible to change passwords for deleted accounts. Since 
Contact users do not have login access to Qualys, it’s not possible to change passwords for 
Contacts. 


A password change API request returns a password change XML report indicating the user 
accounts affected and whether password changes were made for each account. A success 
message is included when passwords were changed on all target accounts. A warning 
message is included if passwords for any of the target accounts could not be changed. 
Upon error, an error message is included. 


By default the password changes made by the password_change.php API cause the 
service to automatically send each affected user an email which notifies them of the 
password change. If you do not wish users to receive this email notification, you have the 
option to return the user login ID and password for affected users as XML value pairs in 
the password change report. To do this, make a password_change.php request and specify 
the email=0 parameter. If you make such a request on an account with the status 
“pending activation”, the function automatically assigns the “active” status since the login 
credentials are available in the XML report. 


Permissions - Managers can change passwords for all users in subscription, except the 
user making the request. Unit Managers can change passwords for all users in same 
business unit, except the user making the request. Administrators can change passwords 
for all users in subscription, except Manager and the user making the request. 


Express Lite - This API is available to Express Lite users. 


Input Parameters 


Parameter Description 


user_logins={value} (Required) Specifies one or more QualysGuard user login 
IDs of target user accounts. Multiple user login IDs are 
comma separated. Specify user_logins=all to change the 
password for all users in the user's account, except the 
requesting user. See Permissions 


email={0|1} (Optional) Specifies whether users will receive an email 
notification alerting them to the password change. 


1 — (the default) specifies that an email notification will 
be sent to affected users. Each user clicks a secure link in 
the email to view the new password. 

0 — specifies that email notifications will not be sent to 
affected users, and the XML report returned by the 
function will include the login ID and password for each 
user account as XML value pairs. 


Samples 


Make a password change request for two accounts and send affected users an email 
notification including a secure link to their new password: 


https://qualysapi.qualys.com/msp/password_change.php? 
user_logins=acme_jr,acme_dd 


Make a password change request for all users in the API user’s account (except the API 
user) and return the login ID and password for each affected user in the password change 
XML response: 


https://qualysapi.qualys.com/msp/password_change.php? 
user_logins=all&email=0 


DTD 
<platform API server>/password_change_output.dtd 


Export User Activity Log 
/api/2.0/fo/activity_log/ 
[GET] [POST] 


Export the user activity log for a subscription to CSV format. 


Input Parameters 


Parameter Description 
action=list (Required) 
user_action={value} (Optional) You can filter the output based on the 
actions. For example, login (for user login), launch (for 
scan launched), finished (for scan finished), etc. 

The actions which are included in the output depend 
on the user who runs the API. Managers see all actions 
taken by all users. Unit Managers see actions taken by 
users in their business unit. Scanners and Readers see 
their own actions only. 


action_details={value} (Optional) Filter on further information about the user 
actions. For example, for the action “error”, you can 
filter by the error details “No connection from scanner 
appliance”. 


username={value} (Optional) The name of the user who performed the 
action. Usernames are included in the output only if 
the user running the API is a Manager or a Unit 
Manager. A Unit Manager can see usernames only for 
users in the Unit Manager’s hierarchy. 


since_datetime={value} (Optional) Specify the date to include the activity log 
starting from that point in time. Date must be in the 
format YYYY-MM-DD HH:ii:ss, and must be less than 
or equal to today’s date. 


until_datetime={value} (Optional) Specify the date to include the activity log 
until a specific point in time. Date must be in the 
format YYYY-MM-DD HH:ii:ss, and must be more than 
or equal to since_datetime, and less than or equal to 
today’s date. 


user_role={value} (Optional) A Manager or Unit Manager can choose to 
export logs for certain user roles instead of all user 
roles. Specify this parameter to export logs for users 
with certain user roles. Multiple roles are comma 
separated. 


User roles you can specify: 
- Manager 

- Unit Manager 

- Auditor 

- Scanner 

- Reader 

- KnowledgeBase Only 

- Remediation User 

- Contact 


What logs are exported by default? For a Manager logs 
are exported for all users (all user roles) by default. For 
a Unit Manager logs are exported only for users (all 
user roles) in the Unit Manager’s hierarchy (i.e. 
business unit). 


output_format=CSV (Optional) CSV (default) 


truncation_limit={value} (Optional) Limit the number of log records to include in 
the CSV output. 


Sample - Export activity log to csv format 
API request: 


curl -u "username:password" -H "X-Requested-With:curl" \ 
"https://qualysapi.qualys.com/api/2.0/fo/activity_log/?action=list" 


Sample CSV output: 


"Date","Action","Module","Details","User Name","User Role","User Ip" 
"2017-02-03T04:35:38Z","login","auth","user logged in","saand_rn","Manager","10.113.195.136" 
"2017-02-02T13:58:16Z","login","auth","user logged in","saand_rn","Manager","10.113.195.136" 
"2017-02-02T13:48:07Z","request","auth","API: /api/2.0/fo/activity_log/index.php","saand_rn","Manager","10.113.195.136" 
"2017-02-02T13:31:19Z","request","auth","API: /api/2.0/fo/activity_log/index.php","saand_rn","Manager","10.113.195.136" 
"2017-02-02T13:28:38Z","request","auth","API: /api/2.0/fo/activity_log/index.php","saand_rn","Manager","10.113.195.136" 
"2017-02-02T13:28:17Z","request","auth","API: /api/2.0/fo/activity_log/index.php","saand_rn","Manager","10.113.195.136" 
"2017-02-02T13:27:27Z","request","auth","API: /api/2.0/fo/activity_log/index.php","saand_rn","Manager","10.113.195.136" 
"2017-02-02T13:26:41Z","request","auth","API: /api/2.0/fo/activity_log/index.php","saand_rn","Manager","10.113.195.136" 
"2017-02-02T12:52:43Z","set","host_attribute","comment=[vvv] for 11.11.11.4","saand_rn","Manager","10.113.14.208" 
"2017-02-02T12:52:43Z","add","option","11.11.11.4 added to both VM-PC license","saand_rn","Manager","10.113.14.208" 
"2017-02-02T12:50:32Z","create","network","New Network: 'abc'","saand_rn","Manager","10.113.14.208" 
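One way to review an exported activity log, as an added example (not code from the Qualys guide): it parses the CSV columns shown in the sample output and flags any action from an address outside a trusted network list, plus a user's first login from an address they have not logged in from before. The function names, the trusted network range and the sample rows are assumptions constructed for the example.

```python
import csv
import io
import ipaddress
from collections import defaultdict

HEADER = ["Date", "Action", "Module", "Details",
          "User Name", "User Role", "User Ip"]

# Constructed sample in the export's column layout (newest record first).
SAMPLE_CSV = '''"Date","Action","Module","Details","User Name","User Role","User Ip"
"2017-02-03T04:35:38Z","login","auth","user logged in","saand_rn","Manager","203.0.113.7"
"2017-02-02T13:58:16Z","login","auth","user logged in","saand_rn","Manager","10.113.14.208"
"2017-02-02T13:48:07Z","request","auth","API: /api/2.0/fo/activity_log/index.php","saand_rn","Manager","10.113.195.136"
"2017-02-02T12:50:32Z","login","auth","user logged in","saand_rn","Manager","10.113.195.136"
'''


def parse_activity_log(csv_text):
    """Parse the CSV export into dicts, oldest record first."""
    reader = csv.DictReader(io.StringIO(csv_text), skipinitialspace=True)
    if reader.fieldnames != HEADER:
        raise ValueError(f"unexpected header: {reader.fieldnames}")
    # Equal-width UTC timestamps sort correctly as plain strings.
    return sorted(reader, key=lambda row: row["Date"])


def review_activity(events, trusted_networks):
    """Return (date, user, reason) findings for addresses worth a second look."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    login_addrs = defaultdict(set)  # user -> addresses already used to log in
    findings = []
    for e in events:
        # User names are only exported to Managers and Unit Managers.
        user = e["User Name"] or "(not shown)"
        raw_ip = (e["User Ip"] or "").strip()
        try:
            addr = ipaddress.ip_address(raw_ip)
        except ValueError:
            findings.append((e["Date"], user, f"unparseable address {raw_ip!r}"))
            continue
        if not any(addr in net for net in trusted):
            findings.append(
                (e["Date"], user, f"{e['Action']} from {addr} outside trusted networks"))
        elif (e["Action"] == "login" and login_addrs[user]
              and addr not in login_addrs[user]):
            findings.append((e["Date"], user, f"first login from {addr}"))
        if e["Action"] == "login":
            login_addrs[user].add(addr)
    return findings


if __name__ == "__main__":
    for finding in review_activity(parse_activity_log(SAMPLE_CSV), ["10.113.0.0/16"]):
        print(*finding, sep="  ")
```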
Appendix A - API Documentation 


Looking for details on XML output and DTDs? Download this reference 
Qualys API (VM, PC) XML/DTD Reference 


You can find all our latest API Documentation at the Qualys Community at Qualys 
Documentation 


HTML documentation is available through the product for your convenience. Just log into 
your account, choose Help > Resources from the top menu. 


Appendix B - Ports used for scanning 


Here's a list of ports used by Qualys Vulnerability Management to scan your host assets. 


TCP Standard Scan (about 1900 ports) 


TCP Light Scan (about 160 ports) 
UDP Standard Scan (about 180 ports) 
UDP Light Scan (about 30 ports) 


TCP Standard Scan (about 1900 ports) 


1-3, 5, 7, 9, 11, 13, 15, 17-25, 27, 29, 31, 33, 35, 37-39, 41-223, 242-246, 256-265, 280-282, 309, 
311, 318, 322-325, 344-351, 363, 369-581, 587, 592-593, 598, 600, 606-620, 624, 627, 631, 633- 
637, 666-674, 700, 704-705, 707, 709-711, 729-731, 740-742, 744, 747-754, 758-765, 767, 769- 
777, 780-783, 786, 799-801, 860, 873, 886-888, 900-901, 911, 950, 954-955, 990-993, 995- 
1001, 1008, 1010-1011, 1015, 1023-1100, 1109-1112, 1114, 1123, 1155, 1167, 1170, 1207, 
1212, 1214, 1220-1222, 1234-1236, 1241, 1243, 1245, 1248, 1269, 1313-1314, 1337, 1344- 
1625, 1636-1774, 1776-1815, 1818-1824, 1900-1909, 1911-1920, 1944-1951, 1973, 1981, 1985- 
2028, 2030, 2032-2036, 2038, 2040-2049, 2053, 2065, 2067, 2080, 2097, 2100, 2102-2107, 
2109, 2111, 2115, 2120, 2140, 2160-2161, 2201-2202, 2213, 2221-2223, 2232-2239, 2241, 
2260, 2279-2288, 2297, 2301, 2307, 2334, 2339, 2345, 2381, 2389, 2391, 2393-2394, 2399, 
2401, 2433, 2447, 2500-2501, 2532, 2544, 2564-2565, 2583, 2592, 2600-2605, 2626-2627, 
2638-2639, 2690, 2700-2702, 2716, 2766, 2784-2789, 2801, 2908-2912, 2953-2954, 2967, 2998, 
3000-3002, 3006-3007, 3010-3011, 3020, 3047-3049, 3080, 3127-3128, 3141-3145, 3180-3181, 
3205, 3232, 3260, 3264, 3267-3269, 3279, 3306, 3322-3325, 3333, 3340, 3351-3352, 3355, 
3372, 3389, 3421, 3454-3457, 3689-3690, 3700, 3791, 3900, 3984-3986, 4000-4002, 4008-4009, 
4080, 4092, 4100, 4103, 4105, 4107, 4132-4134, 4144, 4242, 4321, 4333, 4343, 4443-4454, 
4500-4501, 4567, 4590, 4626, 4651, 4660-4663, 4672, 4899, 4903, 4950, 5000-5005, 5009- 
5011, 5020-5021, 5031, 5050, 5053, 5080, 5100-5101, 5145, 5150, 5190-5193, 5222, 5236, 
5300-5305, 5321, 5400-5402, 5432, 5510, 5520-5521, 5530, 5540, 5550, 5554-5558, 5569, 
5599-5601, 5631-5632, 5634, 5650, 5678-5679, 5713-5717, 5729, 5742, 5745, 5755, 5757, 
5766-5767, 5800-5802, 5900-5902, 5977-5979, 5997-6053, 6080, 6103, 6110-6112, 6123, 6129, 
6141-6149, 6253, 6346, 6387, 6389, 6400, 6455-6456, 6499-6500, 6515, 6543, 6558, 6588, 
6660-6670, 6672-6673, 6699, 6767, 6771, 6776, 6789, 6831, 6883, 6912, 6939, 6969-6970, 
7000-7021, 7070, 7080, 7099-7100, 7121, 7161, 7174, 7200-7201, 7300-7301, 7306-7308, 7395, 
7426-7431, 7491, 7511, 7777-7778, 7781, 7789, 7895, 7938, 7999-8020, 8023, 8032, 8039, 
8080-8082, 8090, 8100, 8181, 8192, 8200, 8383, 8403, 8443, 8450, 8484, 8500, 8732, 8765, 
8886-8894, 8910, 9000-9002, 9005, 9043, 9080, 9090, 9098-9100, 9400, 9443, 9495, 9535, 
9570, 9872-9876, 9878, 9889, 9989-10002, 10005, 10007, 10080-10082, 10101, 10202, 10204, 
10520, 10607, 10666, 11000-11002, 11004, 11223, 12000-12002, 12076, 12223, 12287, 12345- 
12346, 12361-12362, 12456, 12468-12469, 12631, 12701, 12753, 13000, 13333, 14237-14238, 
15858, 16384, 16660, 16959, 16969, 17000, 17007, 17300, 18000, 18181-18186, 18190-18192, 
18194, 18209-18210, 18231-18232, 18264, 19541, 20000-20001, 20011, 20034, 20200, 20203, 
20331, 21544, 21554, 21845-21849, 22222, 22273, 22289, 22305, 22321, 22555, 22800, 22951, 
23456, 23476-23477, 25000-25009, 25252, 25793, 25867, 26000, 26208, 26274, 26409, 27000- 
27009, 27374, 27665, 29369, 29891, 30029, 30100-30102, 30129, 30303, 30999, 31336-31337, 
31339, 31554, 31666, 31785, 31787-31788, 32000, 32768-32790, 33333, 33567-33568, 33911, 
34324, 37651, 40412, 40421-40423, 42424, 44337, 47557, 47806, 47808, 49400, 50000-50001, 
50505, 50766, 51102, 51107, 51112, 53001, 54320-54321, 57341, 60008, 61439, 61466, 62078, 
65000, 65301, 65512 


TCP Light Scan (about 160 ports) 


11, 13, 15, 17, 19-23, 25, 37, 42, 53, 66, 69-70, 79-81, 88, 98, 109-111, 113, 118-119, 123, 135, 
139, 143, 220, 256-259, 264, 371, 389, 411, 443, 445, 464-465, 512-515, 523-524, 540, 548, 554, 
563, 580, 593, 636, 749-751, 873, 900-901, 990, 992-993, 995, 1080, 1114, 1214, 1234, 1352, 
1433, 1494, 1508, 1521, 1720, 1723, 1755, 1801, 2000-2001, 2003, 2049, 2301, 2401, 2447, 
2690, 2766, 3128, 3268-3269, 3306, 3372, 3389, 4100, 4443-4444, 4661-4662, 5000, 5432, 
5555-5556, 5631-5632, 5634, 5800-5802, 5900-5901, 6000, 6112, 6346, 6387, 6666-6667, 6699, 
7007, 7100, 7161, 7777-7778, 8000-8001, 8010, 8080-8081, 8100, 8888, 8910, 9100, 10000, 
12345-12346, 20034, 21554, 32000, 32768-32790 


UDP Standard Scan (about 180 ports) 


7, 9, 13, 17, 19, 21, 37, 53, 67-69, 80, 98, 111, 121, 123, 135, 137-138, 161, 177, 371, 389, 407 
3, 445, 456, 464, 500, 512, 514, 517-518, 520, 555, 635, 666, 858, 1001, 1010-1011, 1015, 
1024-1049, 1051-1055, 1170, 1194, 1243, 1245, 1434, 1492, 1600, 1604, 1645, 1701, 1807, 
1812, 1900, 1978, 1981, 1999, 2001-2002, 2023, 2049, 2115, 2140, 2801, 2967, 3024, 3129, 
3150, 3283, 3527, 3700, 3801, 4000, 4092, 4156, 4569, 4590, 4781, 5000-5001, 5036, 5060, 
5321, 5400-5402, 5503, 5569, 5632, 5742, 6051, 6073, 6502, 6670, 6771, 6912, 6969, 7000, 
7111, 7222, 7300-7301, 7306-7308, 7778, 7789, 7938, 9872-9875, 9989, 10067, 10167, 11000, 
11223, 12223, 12345-12346, 12361-12362, 15253, 15345, 16969, 17185, 20001, 20034, 21544, 
21862, 22222, 23456, 26274, 26409, 27444, 30029, 31335, 31337-31339, 31666, 31785, 31789, 
31791-31792, 32771, 33333, 34324, 40412, 40421-40423, 40426, 47262, 50505, 50766, 51100- 
51101, 51109, 53001, 54321, 61466 


UDP Light Scan (about 30 ports) 


7, 13, 17, 19, 37, 53, 67-69, 111, 123, 135, 137, 161, 177, 407, 464, 500, 517-518, 520, 1434, 
1645, 1701, 1812, 2049, 3527, 4569, 4665, 5036, 5060, 5632, 6502, 7778, 15345 


Appendix C - Scan Results JSON 


This section describes all the possible keys involved when a Scan API “fetch” request is 
made in JSON format (/api/2.0/fo/scan/?action=fetch&output_format=json). Click here for 
sample JSON output 


A list of keys for various scan scenarios is provided: 
Scan Finished with Vulnerabilities 
Scan Cancelled 
Scan Error 
Scan Finished (Host Not Alive) 
Scan Paused 
Scan Interrupted 


Scan Finished with Vulnerabilities 
Scan Job 


launch_date, active_hosts, total_hosts, type, status, reference, 
scanner_appliance, duration, scan_title, asset_groups, ips, excluded_ips, 
option_profile 


Per Host 


ip, dns, netbios, os, ip_status, qid, title, type, severity, port, protocol, 
fqdn, ssl, cve_id, vendor_reference, bugtraq_id, cvss_base, cvss_temporal, 
cvss3_base, cvss3_temporal, threat, impact, solution, exploitability, 
associated_malware, results, pci_vuln, instance, os_cpe, category, instance 


If PCI is Enabled 


pci_vuln 


Host Stats 


target distribution across scanner appliances 


hosts not scanned excluded host ip 

hosts not scanned host _not_ alive ip 

hosts not _scanned host not alive dns 
hosts not scanned host not alive netbios 

hosts not _scanned hostname not found ip 

hosts not scanned scan discontinued ip 

hosts not _scanned scan discontinued netbios_ instace ids 
hosts not _scanned scan discontinued netbios_ dns 

hosts not _scanned scan discontinued netbios 

hosts not _scanned_dns_ hostname could not be resolved 
hosts not_scanned_netbios could not _be resolved 

no vulnerabilities match your filters for these hosts 
hosts not _scanned dns could not be resolved 
hosts not _scanned_ip could not be resolved 
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hosts not scanned hostname not found netbios 
hosts not _scanned hostname_ not found dns 


Scan Cancelled

Scan Job

launch_date, active_hosts, total_hosts, type, status, reference,
scanner_appliance, duration, scan_title, asset_groups, ips, excluded_ips,
option_profile

Host Stats

no_vulnerabilities_match_your_filters_for_these_hosts

host_not_scanned, scan_canceled_by_user_ip_
host_not_scanned, scan_canceled_by_administrator_ip_
host_not_scanned, scan_canceled_by_service_ip_
host_not_scanned, scan_canceled_by_unknown_ip_

host_not_scanned, scan_canceled_by_user, (#No of IP) hosts
host_not_scanned, scan_canceled_by_administrator, (#No of IP) hosts
host_not_scanned, scan_canceled_by_service, (#No of IP) hosts
host_not_scanned, scan_canceled_by_unknown, (#No of IP) hosts

host_not_scanned, scan_canceled_by_user_dns_
host_not_scanned, scan_canceled_by_administrator_dns_
host_not_scanned, scan_canceled_by_service_dns_
host_not_scanned, scan_canceled_by_unknown_dns_

host_not_scanned, scan_canceled_by_user_instance_ids_
host_not_scanned, scan_canceled_by_administrator_instance_ids_
host_not_scanned, scan_canceled_by_service_instance_ids_
host_not_scanned, scan_canceled_by_unknown_instance_ids_

host_not_scanned, scan_canceled_by_user, dns, (#No of DNS) hosts
host_not_scanned, scan_canceled_by_administrator, dns, (#No of DNS) hosts
host_not_scanned, scan_canceled_by_service, dns, (#No of DNS) hosts
host_not_scanned, scan_canceled_by_unknown, dns, (#No of DNS) hosts

host_not_scanned, scan_canceled_by_user, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_canceled_by_administrator, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_canceled_by_service, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_canceled_by_unknown, instance_ids, (#No of DNS) hosts

host_not_scanned, scan_canceled_by_user_netbios_
host_not_scanned, scan_canceled_by_administrator_netbios_
host_not_scanned, scan_canceled_by_service_netbios_
host_not_scanned, scan_canceled_by_unknown_netbios_

host_not_scanned, scan_canceled_by_user, netbios, (#No of Netbios) hosts
host_not_scanned, scan_canceled_by_administrator, netbios, (#No of Netbios) hosts
host_not_scanned, scan_canceled_by_service, netbios, (#No of Netbios) hosts
host_not_scanned, scan_canceled_by_unknown, netbios, (#No of Netbios) hosts


Scan Error

Scan Job

launch_date, active_hosts, total_hosts, type, status, reference,
scanner_appliance, duration, scan_title, asset_groups, ips, excluded_ips,
option_profile

Host Stats

no_vulnerabilities_match_your_filters_for_these_hosts


Scan Finished (Host Not Alive)

Scan Job

launch_date, active_hosts, total_hosts, type, status, reference,
scanner_appliance, duration, scan_title, asset_groups, ips, excluded_ips,
option_profile

Host Stats

target_distribution_across_scanner_appliances
hosts_not_scanned_host_not_alive_ip


Scan Paused

Scan Job

launch_date, active_hosts, total_hosts, type, status, reference,
scanner_appliance, duration, scan_title, asset_groups, ips, excluded_ips,
option_profile, network

Per Host

ip, dns, netbios, os, ip_status, qid, title, type, severity, port, protocol,
fqdn, ssl, cve_id, vendor_reference, bugtraq_id, cvss_base, cvss_temporal,
cvss3_base, cvss3_temporal, threat, impact, solution, exploitability,
associated_malware, results, pci_vuln, instance, os_cpe, category

Host Stats

target_distribution_across_scanner_appliances
hosts_not_scanned_host_not_alive_ip
host_not_scanned, scan_paused_by_service_ip_
no_vulnerabilities_match_your_filters_for_these_hosts

host_not_scanned, scan_paused_by_user_ip_
host_not_scanned, scan_paused_by_administrator_ip_
host_not_scanned, scan_paused_by_service_ip_
host_not_scanned, scan_paused_by_unknown_ip_

host_not_scanned, scan_paused_by_user, (#No of IP) hosts
host_not_scanned, scan_paused_by_administrator, (#No of IP) hosts
host_not_scanned, scan_paused_by_service, (#No of IP) hosts
host_not_scanned, scan_paused_by_unknown, (#No of IP) hosts

host_not_scanned, scan_paused_by_user_dns_
host_not_scanned, scan_paused_by_administrator_dns_
host_not_scanned, scan_paused_by_service_dns_
host_not_scanned, scan_paused_by_unknown_dns_

host_not_scanned, scan_paused_by_user_instance_ids_
host_not_scanned, scan_paused_by_administrator_instance_ids_
host_not_scanned, scan_paused_by_service_instance_ids_
host_not_scanned, scan_paused_by_unknown_instance_ids_

host_not_scanned, scan_paused_by_user, dns, (#No of DNS) hosts
host_not_scanned, scan_paused_by_administrator, dns, (#No of DNS) hosts
host_not_scanned, scan_paused_by_service, dns, (#No of DNS) hosts
host_not_scanned, scan_paused_by_unknown, dns, (#No of DNS) hosts

host_not_scanned, scan_paused_by_user, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_paused_by_administrator, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_paused_by_service, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_paused_by_unknown, instance_ids, (#No of DNS) hosts

host_not_scanned, scan_paused_by_user, netbios, (#No of Netbios) hosts
host_not_scanned, scan_paused_by_administrator, netbios, (#No of Netbios) hosts
host_not_scanned, scan_paused_by_service, netbios, (#No of Netbios) hosts
host_not_scanned, scan_paused_by_unknown, netbios, (#No of Netbios) hosts

host_not_scanned, scan_paused_by_user_netbios_
host_not_scanned, scan_paused_by_administrator_netbios_
host_not_scanned, scan_paused_by_service_netbios_
host_not_scanned, scan_paused_by_unknown_netbios_


Scan Interrupted

Scan Job

launch_date, active_hosts, total_hosts, type, status, reference,
scanner_appliance, duration, scan_title, asset_groups, ips, excluded_ips,
option_profile, network

Host Stats

no_vulnerabilities_match_your_filters_for_these_hosts

host_not_scanned, scan_unknown_by_user_ip_
host_not_scanned, scan_unknown_by_administrator_ip_
host_not_scanned, scan_unknown_by_service_ip_
host_not_scanned, scan_unknown_by_unknown_ip_

host_not_scanned, scan_unknown_by_user_dns_
host_not_scanned, scan_unknown_by_administrator_dns_
host_not_scanned, scan_unknown_by_service_dns_
host_not_scanned, scan_unknown_by_unknown_dns_

host_not_scanned, scan_unknown_by_user_instance_ids_
host_not_scanned, scan_unknown_by_administrator_instance_ids_
host_not_scanned, scan_unknown_by_service_instance_ids_
host_not_scanned, scan_unknown_by_unknown_instance_ids_

host_not_scanned, scan_unknown_by_user, (#No of IP) hosts
host_not_scanned, scan_unknown_by_administrator, (#No of IP) hosts
host_not_scanned, scan_unknown_by_service, (#No of IP) hosts
host_not_scanned, scan_unknown_by_unknown, (#No of IP) hosts

host_not_scanned, scan_unknown_by_user, dns, (#No of DNS) hosts
host_not_scanned, scan_unknown_by_administrator, dns, (#No of DNS) hosts
host_not_scanned, scan_unknown_by_service, dns, (#No of DNS) hosts
host_not_scanned, scan_unknown_by_unknown, dns, (#No of DNS) hosts

host_not_scanned, scan_unknown_by_user, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_unknown_by_administrator, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_unknown_by_service, instance_ids, (#No of DNS) hosts
host_not_scanned, scan_unknown_by_unknown, instance_ids, (#No of DNS) hosts

host_not_scanned, scan_unknown_by_user_netbios_
host_not_scanned, scan_unknown_by_administrator_netbios_
host_not_scanned, scan_unknown_by_service_netbios_
host_not_scanned, scan_unknown_by_unknown_netbios_

host_not_scanned, scan_unknown_by_user, netbios, (#No of Netbios) hosts
host_not_scanned, scan_unknown_by_administrator, netbios, (#No of Netbios) hosts
host_not_scanned, scan_unknown_by_service, netbios, (#No of Netbios) hosts
host_not_scanned, scan_unknown_by_unknown, netbios, (#No of Netbios) hosts

hosts_not_scanned, hostname_not_found, (#NumberOfNoTrackerIP) hosts
hosts_not_scanned, hostname_not_found, netbios, (#NumberOfNoTrackerNETBIOS) hosts
hosts_not_scanned, hostname_not_found, dns, (#NumberOfNoTrackerDNS) hosts
hosts_not_scanned, hostname_not_found, instance_ids, (#NumberOfNoTrackerDNS) hosts

hosts_not_scanned_excluded_host_dns
hosts_not_scanned_excluded_host_instance_ids

hosts_not_scanned_excluded_host_netbios

hosts_not_scanned_host_not_alive_dns
hosts_not_scanned_host_not_alive_instance_ids


Sample JSON output

[
  {
    "scan_report_template_title": "Scan Results",
    "result_date": "06/29/2018 06:19:26",
    "company": "Qualys, Inc",
    "add1": "919 E Hillsdale Blvd,4th Floor",
    "add2": null,
    "city": "Foster City",
    "state": "California",
    "country": "United States of America",
    "zip": "94404",
    "name": "Mayur Mistry",
    "username": "mayur mm",
    "role": "Manager"
  },
  {
    "scan_date": "09/29/2018 21:20:35",
    "active_hosts": null,
    "total_hosts": "457660",
    "type": "On Demand",
    "status": "Canceled",
    "reference": "scan/1527628838.16797",
    "scanner_appliance": "",
    "duration": "00:00:24",
    "scan_title": "My Scan",
    "asset_groups": "4.5LIPs",
    "ips": "10.10.0.-0,-.10.10.0.2,
    "excluded_ips": "",
    "option_profile": "Initial Options"
  },
  {
    "host_not_scanned, scan_canceled_by_user_ip_":
    2, 10.10.0.4, 10.10.0.6"
    10.10.0.6",
    "10.10.0.0,
Appendix D - Error Codes / Descriptions

Here's a list of Qualys API error codes along with a description of what each code means.
For an API request that had an error, you'll find the error code and text in the XML
response.

| HTTP Status | Error Code | Error Text | Meaning |
|---|---|---|---|
| HTTP/1.1 400 Bad Request | 1901 | Unrecognized parameter(s):... | The API request contained one or more parameters which are not supported, or are not available to the browsing user. |
| HTTP/1.1 400 Bad Request | 1903 | Missing required parameter(s):... | The API request did not contain one or more parameters which are required. |
| HTTP/1.1 400 Bad Request | 1904 | Please specify only one of these parameters... | The API request contained 2 or more parameters from a group from which at most one may be specified. |
| HTTP/1.1 400 Bad Request | 1905 | parameter ... has invalid value... | The API request contained a valid parameter specified with an invalid value. |
| HTTP/1.1 400 Bad Request | 1907 | The following combination of key=value pairs is not supported... | The API request contained an invalid or unsupported combination of parameters. |
| HTTP/1.1 400 Bad Request | 1908 | Request method (GET or POST) is incompatible with specified parameter(s):... | The API request was made with an unsupported HTTP request method (GET or POST or PUT or DELETE or HEAD). |
| HTTP/1.1 409 Conflict | 1920 | The requested operation is blocked by one or more existing Business Objects | The API request was blocked by other API requests. In practice this should be replaced by one of error code 1960 or 1965 (see below). |
| HTTP/1.1 409 Conflict | 1960 | The requested operation is blocked by one or more existing Business Objects | Too many other API requests currently running (i.e. concurrency limit). |
| HTTP/1.1 409 Conflict | 1965 | The requested operation is blocked by one or more existing Business Objects | Too many other API requests have run recently (i.e. rate limit). |
| HTTP/1.1 400 Bad Request | 1922 | Please specify at least one of the following parameters.... | The API request was missing some required information (but not necessarily a single specific parameter). |
| HTTP/1.1 202 Accepted | 1981 | Your request is being processed. Please try this same request again later. | The API request is for a business operation which is already underway. |
| HTTP/1.1 400 Bad Request | 999 | Internal Error | The API request failed for some reason having to do with the (client) request. In practice this should always be expressed as some other error type, giving more information about what was actually wrong with the request. |
| HTTP/1.1 501 Internal Error | 999 | Internal Error | The API request failed due to a problem with QWEB. |
| HTTP/1.1 503 Maintenance | 1999 | We are performing scheduled maintenance on our System. We apologize for any inconvenience. | The API request failed because the Qualys Cloud Platform is in maintenance mode. |
| HTTP/1.1 401 Unauthorized | 2000 | Bad Login/Password | The API request failed because of an authentication failure. |
| HTTP/1.1 403 Forbidden | 2002 | User account is inactive. | The API request failed because of an authorization failure. |
| HTTP/1.1 409 Conflict | 2003 | Registration must be completed before API requests will be served for this account | The API request failed because nobody has yet accepted the EULA on behalf of the user's subscription. |
| HTTP/1.1 409 Conflict | 2011 | SecureID authentication is required for this account, so API access is blocked | The API request failed because SecureID authentication won't work with API calls. |
| HTTP/1.1 403 Forbidden | 2012 | User license is not authorized to run this API. | The API request failed because the user's subscription does not have API access enabled. |

PCRS Error Codes

This section includes information on the PCRS error codes that you may encounter and
their descriptions.

| Error Code | Description | Action Required |
|---|---|---|
| 401 | Incorrect credentials provided by the user. "authentication_exceptions" : "Authentication Failure: 1 errors, 0 successes:authenticationFailure.InvalidCredentialsException'] | Enter correct credentials and run the API again. |
| 401 | Expired authentication token entered by user. { "status": 401, "error": "Unauthorized", "message": "JWT expired" } | Enter correct valid token from /auth API and call the API again. |
| 401 | Invalid token provided. { "status": 401, "error": "Unauthorized", "message": "Not authenticated" } | Enter correct valid token from /auth API and call the APIs again. |
| 200 ok | Compliance Policy does not exist. [ { "policyId": "94473", "subscriptionId": "1981983", "hostIds": [], "error": "Error: Compliance Policy does not exist." } ] | Enter correct policy ID and run the API again. |
| 400 | Policy ID entered contains non-numeric characters. [{"response":{"datetime":"2021-10-28T13:29:06Z","code":1905,"text":"parameter policy_ids has invalid value: 4199751a (Invalid value: 4199751a)"}}] | Enter only numeric value for policy IDs. |
| 404 | Invalid parameter for "evidenceRequired". "message": "Invalid input Parameter." | Enter integer value - 0 or 1 for the evidenceRequired request parameter. |
| 404 | Invalid input parameter for "compressionRequired". "message": "Invalid input Parameter." | Enter integer value - 0 or 1 for the compressionRequired request parameter. |
| Connection broken (client error) | Output stream has no data in stream. "Connection broken: InvalidChunkLength(got length b'', 0 bytes read)", InvalidChunkLength(got length b'', 0 bytes read) | Run the API again with all valid inputs and options. |
| Server side error | The client and server connection is broken due to connectivity loss; the error below then appears in the server logs. | Run the API again with all valid inputs and options. |
| 403 | This error occurs in case of an SCA-only account. 403 Forbidden: [{"response":{"datetime":"2021-10-28T07:24:26Z","code":2012,"text":"User license is not authorized to run this API."}}] | Use a valid PC license. |
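
One way a client can act on the codes in the two tables above, given here as an added example and not as Qualys code. The XML element names CODE and TEXT and the X-RateLimit-ToWait-Sec response header are assumptions that this appendix does not show; the sample bodies are constructed.

```python
import json
import xml.etree.ElementTree as ET

# Error codes from the tables above, grouped by what the client should do next.
RETRYABLE = {1920, 1960, 1965, 1981, 1999}   # busy, rate limited, in progress, maintenance
CREDENTIAL = {2000, 2002, 2003, 2011, 2012}  # login, account, EULA or license problem
REQUEST = {1901, 1903, 1904, 1905, 1907, 1908, 1922}  # the caller sent a bad request


def _to_int(value):
    try:
        return int(str(value).strip())
    except ValueError:
        return None


def parse_error(body):
    """Return (code, text) from an XML or JSON error body, or (None, None)."""
    body = body.strip()
    if body[:1] in ("[", "{"):
        try:
            doc = json.loads(body)
        except ValueError:
            return None, None
        if isinstance(doc, list):
            doc = doc[0] if doc else {}
        if isinstance(doc, dict):
            doc = doc.get("response", doc)
        if not isinstance(doc, dict):
            return None, None
        # PCRS token errors carry "status"/"message" instead of "code"/"text".
        return _to_int(doc.get("code", doc.get("status"))), doc.get("text", doc.get("message"))
    try:
        root = ET.fromstring(body)  # element names below are assumed, see lead-in
    except ET.ParseError:
        return None, None
    return _to_int(root.findtext(".//CODE")), root.findtext(".//TEXT")


def decide(http_status, body, headers=None, attempt=0):
    """Return (action, wait_seconds) for one failed API call."""
    code, text = parse_error(body)
    if http_status == 401 and text == "JWT expired":
        return "refresh_token", 0
    if code in CREDENTIAL or http_status in (401, 403):
        # A rejected login is rejected again on retry; stop and alert instead.
        return "stop_fix_credentials", 0
    if code in RETRYABLE or http_status in (202, 503):
        wait = _to_int((headers or {}).get("X-RateLimit-ToWait-Sec"))  # assumed header
        if not wait or wait < 0:
            wait = min(5 * 2 ** attempt, 300)  # capped exponential backoff
        return "retry", wait
    if code in REQUEST or http_status in (400, 404):
        return "stop_fix_request", 0
    return "stop_unknown", 0


# Constructed sample responses; the JSON bodies follow the shapes quoted above.
XML_RATE_LIMIT = ("<SIMPLE_RETURN><RESPONSE><DATETIME>2021-10-28T13:29:06Z</DATETIME>"
                  "<CODE>1965</CODE><TEXT>The requested operation is blocked by one or more "
                  "existing Business Objects</TEXT></RESPONSE></SIMPLE_RETURN>")
JSON_BAD_VALUE = ('[{"response":{"datetime":"2021-10-28T13:29:06Z","code":1905,'
                  '"text":"parameter policy_ids has invalid value: 4199751a"}}]')
JSON_LICENSE = ('[{"response":{"datetime":"2021-10-28T07:24:26Z","code":2012,'
                '"text":"User license is not authorized to run this API."}}]')
JSON_JWT = '{"status": 401, "error": "Unauthorized", "message": "JWT expired"}'

if __name__ == "__main__":
    print(decide(409, XML_RATE_LIMIT, {"X-RateLimit-ToWait-Sec": "42"}))
    print(decide(400, JSON_BAD_VALUE))
    print(decide(403, JSON_LICENSE))
    print(decide(401, JSON_JWT))
```

Codes 1960 and 1965 share one HTTP status and one error text, so the numeric code is the only reliable way to tell a concurrency limit from a rate limit.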


You can find all our latest API Documentation at the Qualys Community at Qualys Documentation.
Appendix E - Streaming Posture API Client Sample Code (Python)

The following table contains output parameters and their descriptions:

| Output Parameter Name | Description |
|---|---|
| id | Posture record ID |
| instance | Instance type/name |
| policyId | Policy ID |
| controlId | Control ID |
| technologyId | Technology ID |
| status | Posture Status |
| previousStatus | Previous Posture Status |
| firstFailDate | Posture first fail date |
| lastFailDate | Posture last fail date |
| firstPassDate | Posture pass date |
| lastPassDate | Posture last date |
| postureModifiedDate | Posture last modified date |
| lastEvaluatedDate | Posture last evaluated date |
| created | Posture creation date |
| hostId | Host ID |
| ip | Asset instance IP address |
| trackingMethod | Asset tracking method |
| os | Asset instance operating system |
| osCpe | OS Platform Enumeration |
| dns | Host ID |
| qgHostid | QualysGuard Host ID |
| networkId | Network ID |
| networkName | Network name |
| complianceLastScanDate | Policy Compliance last scan date |
| customerUuid | Customer UUID |
| customerId | Customer ID |
| assetId | Asset ID |
| technology : id | Technology ID |
| technology : name | Technology name |
| criticality : label | Control criticality label |
| criticality : value | Control criticality value |
| evidence : expectedValues | Posture evidence expected values |
| evidence : currentValues | Posture evidence current values |
| causeOfFailure : missing | Failed Posture cause of failure missing values |
| causeOfFailure : unexpected | Failed Posture unexpected value for failure result |

The following sample code demonstrates how to use the Qualys Policy Compliance Streaming Posture API to download host posture with a Python script.


# You need to install the requests library, for example: pip install requests

import requests
from requests.exceptions import Timeout
from urllib3.exceptions import ProtocolError
import json
import datetime
import time
import sys
import zlib


# Function to handle various errors
def handlerError(size, error):
    # Print total data downloaded in MBs
    print('Total size downloaded %.2fm' % (size/1048576))
    print(type(error))
    print(error.args)
    print(error)


# First authenticate the user to get the token needed for
# subsequent API calls
# Note: verify=False turns off TLS certificate validation for every call in
# this sample; remove it outside of testing so the gateway certificate is checked.
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
authUrl = 'https://gateway.<assigned URL>/auth'
# Replace username and password with actual userid and password
data = {'username': 'username', 'password': 'password', 'token': True}
authResp = requests.post(authUrl, data=data, headers=headers,
                         verify=False)
token = authResp.content.decode('utf-8')

# Use the token returned by the authentication call
# Retrieve the host IDs associated with the particular policy
headers = {
    'accept': 'application/json',
    'Authorization': 'Bearer ' + token}

# Replace with the actual policy ID, pass multiple policy IDs as
# comma-separated list
params = {'policyId': 'policyid'}
url = 'https://gateway.<assigned URL>/pcrs/1.0/posture/hostids'
response = requests.get(url, params=params, headers=headers,
                        verify=False)

# check the response of host IDs API
if (response.status_code != 200):
    print("Unexpected response from hostids API: ")
    print(response.status_code)
    exit()

# Pass the host IDs retrieved in the previous APIs to posture
# info API
headers = {
    'accept': 'application/json',
    'Authorization': 'Bearer ' + token,
    'Content-Type': 'application/json'}

postureUrl = ('https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo'
              '?evidenceRequired=1&compressionRequired=1')

# If compression is used and you want to decompress the data on
# the fly
d = zlib.decompressobj(16+zlib.MAX_WBITS)

#with open("output.json", 'wb') as f: #If compression is used the zip file is to be stored
# If compression is used and decompressing on the fly or no compression used
with open("output.json", 'w') as f:
    print('API Invoked at:')
    print(datetime.datetime.now())
    size = 0.0
    try:
        with requests.post(url=postureUrl, headers=headers,
                           data=response.content, stream=True,
                           timeout=3600, verify=False) as postureStream:
            if (postureStream.status_code != 200):
                print("Unexpected response from posture API: ")
                print(postureStream.status_code)
                exit()
            print('First response received at: ')
            start = time.time()
            print(datetime.datetime.now())
            for chunk in postureStream.iter_content(chunk_size=1048576):
                if chunk:
                    chunk_size = len(chunk)
                    end = time.time()+1
                    # If compression is not used or storing zip file,
                    # please comment this line
                    outstr = d.decompress(chunk)
                    size += len(outstr)
                    print('Download speed: [%.2fkbps], Chunk size: [%.2fk], total size: [%.2fm] at time %s'
                          % ((size/(end-start))/1024, chunk_size/1024, size/1048576,
                             datetime.datetime.now().strftime("%H:%M:%S")), end="\r")
                    f.write(outstr.decode())
                    f.flush()
            postureStream.close()
        f.flush()
        print('\nAPI finished at')
        print(datetime.datetime.now())
    # The more specific exception must be listed first to be reachable
    except ProtocolError as pe:
        handlerError(size, pe)
    except Exception as e:
        handlerError(size, e)
    f.close()



# The following sample code demonstrates how to use the Qualys Policy Compliance
# Streaming Posture API for concurrent processing of host posture with a Python script.

# You need to install the required libraries, for example: pip install requests,
# pip install json_stream, and pip install dicttoxml.

import requests
from requests.exceptions import Timeout
from urllib3.exceptions import ProtocolError
import json
import datetime
import time
import sys
import zlib
import threading
import json_stream


# Reads output.json while the main thread is still writing to it
def worker():
    with open("output.json", 'r') as f:
        data = json_stream.load(f)
        count = 0
        for posture in data.persistent():
            print('Count [%d] Control Id [%s] IP[%s] Criticality [%s] Status[%s]'
                  % (count, posture['controlId'], posture['ip'],
                     posture['criticality']['label'], posture['status']), end="\r")
            count += 1
    f.close()


# Function to handle various errors
def handlerError(size, error):
    print(type(error))
    print(error.args)
    print(error)


# First authenticate the user to get the token needed for
# subsequent API calls
# Note: verify=False turns off TLS certificate validation for every call in
# this sample; remove it outside of testing so the gateway certificate is checked.
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
authUrl = 'https://gateway.<assigned URL>/auth'
# Replace username and password with actual user ID and password
data = {'username': '<USER NAME>', 'password': '<PASSWORD>', 'token': True}
authResp = requests.post(authUrl, data=data, headers=headers,
                         verify=False)
token = authResp.content.decode('utf-8')

# Use the token returned by the authentication call
# Retrieve the host ids associated with the particular policy
headers = {
    'accept': 'application/json',
    'Authorization': 'Bearer ' + token}

# Replace with the policyid, pass multiple policyids as comma
# separated list
params = {'policyId': 'xxx'}

url = 'https://gateway.<assigned URL>/pcrs/1.0/posture/hostids'
response = requests.get(url, params=params, headers=headers,
                        verify=False)

# check the response of host ids API
if (response.status_code != 200):
    print("Unexpected response from hostids API: ")
    print(response.status_code)
    exit()

# Pass the host ids retrieved in the previous APIs to posture
# info API
headers = {
    'accept': 'application/json',
    'Authorization': 'Bearer ' + token,
    'Content-Type': 'application/json'}

postureUrl = ('https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo'
              '?evidenceRequired=0&compressionRequired=1')

# If compression is used and you want to decompress the data on
# the fly
d = zlib.decompressobj(16+zlib.MAX_WBITS)

apiTime = datetime.datetime.now()
# If compression is used and decompressing on the fly or no compression used
with open("output.json", 'w') as f:
    print('API Invoked at:')
    print(datetime.datetime.now())
    t1 = threading.Thread(target=worker, daemon=True)
    size = 0.0  # handlerError() expects the number of bytes written so far
    try:
        with requests.post(url=postureUrl, headers=headers,
                           data=response.content, stream=True,
                           timeout=3600, verify=False) as postureStream:
            if (postureStream.status_code != 200):
                print("Unexpected response from posture API: ")
                print(postureStream.status_code)
                exit()
            print('First response received at: ')
            start = time.time()
            print(datetime.datetime.now())
            count = 0
            for chunk in postureStream.iter_content(chunk_size=1048576):
                if chunk:
                    # If compression is not used or storing zip file,
                    # please comment this line
                    outstr = d.decompress(chunk)
                    size += len(outstr)
                    f.write(outstr.decode())
                    f.flush()
                    if count == 0:
                        # turn-on the worker thread
                        t1.start()
                    count += 1
            postureStream.close()
        apiTime = datetime.datetime.now()
    # The more specific exception must be listed first to be reachable
    except ProtocolError as pe:
        handlerError(size, pe)
    except Exception as e:
        handlerError(size, e)
    f.close()

# join() raises if the worker was never started (for example after an early error)
if t1.is_alive():
    t1.join()
print('\nAPI Finished at [%s] All the processing completed at [%s]'
      % (apiTime, datetime.datetime.now()))
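
Both scripts above call outstr.decode() on each decompressed chunk, which raises UnicodeDecodeError when a chunk ends in the middle of a multi-byte UTF-8 character, and neither confirms that the gzip stream ran to its end. The added example below (not Qualys code) decodes incrementally, caps the decompressed size, and rejects a truncated download; the class and function names are hypothetical and the posture records are constructed.

```python
import codecs
import gzip
import json
import zlib


class PostureStreamDecoder:
    """Decode a gzip-compressed UTF-8 stream chunk by chunk (hypothetical helper)."""

    def __init__(self, max_output_bytes=512 * 1024 * 1024):
        # 16 + MAX_WBITS selects gzip framing, as in the scripts above.
        self._inflate = zlib.decompressobj(16 + zlib.MAX_WBITS)
        # The incremental decoder holds back a split character until it is whole.
        self._utf8 = codecs.getincrementaldecoder("utf-8")()
        self._max = max_output_bytes
        self.total = 0

    def _account(self, raw):
        self.total += len(raw)
        if self.total > self._max:
            raise ValueError("decompressed output exceeds the configured limit")
        return raw

    def feed(self, chunk):
        """Return the text that one network chunk decodes to."""
        parts = []
        while chunk:
            room = self._max - self.total
            if room <= 0:
                raise ValueError("decompressed output exceeds the configured limit")
            raw = self._account(self._inflate.decompress(chunk, room))
            parts.append(self._utf8.decode(raw))
            chunk = self._inflate.unconsumed_tail  # input held back by the output cap
        return "".join(parts)

    def finish(self):
        """Flush the decoder; fail if the download stopped before the gzip trailer."""
        try:
            raw = self._account(self._inflate.flush())
        except zlib.error as exc:
            raise ValueError("corrupt compressed stream") from exc
        if not self._inflate.eof:
            raise ValueError("compressed stream ended early (truncated download)")
        return self._utf8.decode(raw, final=True)


def decode_stream(chunks, max_output_bytes=512 * 1024 * 1024):
    """Decode an iterable of compressed chunks into one string."""
    decoder = PostureStreamDecoder(max_output_bytes)
    text = "".join(decoder.feed(chunk) for chunk in chunks)
    return text + decoder.finish()


def chunked(blob, size):
    """Split bytes into fixed-size pieces to imitate network chunk boundaries."""
    return [blob[i:i + size] for i in range(0, len(blob), size)]


# Constructed sample: two posture records using field names from the table above;
# the values, including the non-ASCII evidence strings, are made up.
SAMPLE_RECORDS = [
    {"id": 1, "hostId": 101, "ip": "10.10.0.4", "controlId": 1071, "status": "Failed",
     "evidence": {"currentValues": ["Benutzer für Prüfung"]}},
    {"id": 2, "hostId": 102, "ip": "10.10.0.6", "controlId": 1072, "status": "Passed",
     "evidence": {"currentValues": ["パスワード"]}},
]
SAMPLE_TEXT = json.dumps(SAMPLE_RECORDS, ensure_ascii=False)
SAMPLE_BLOB = gzip.compress(SAMPLE_TEXT.encode("utf-8"))

if __name__ == "__main__":
    # Five-byte chunks force boundaries inside multi-byte characters.
    print(decode_stream(chunked(SAMPLE_BLOB, 5)) == SAMPLE_TEXT)
```

In the scripts above, feed() would replace the d.decompress(chunk) and outstr.decode() pair inside the loop, and finish() would run once after the loop ends.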